Earlier today, David B and vdehors were at CODE BLUE to present their work on the Tesla Model 3, which allowed them to score 2 entries during latest #Pwn2Own Vancouver

How to turn an unbalanced unlock kernel bug🪳into a Use-After-Free (CVE-2023-2612)? The #Grehack23 slides are now available 👉synacktiv.com/sites/default/…

To facilitate reverse-engineering of large programs, vulnerability research and root-cause analysis on iOS, Android, and other major platforms, myr and Hexa released Frinet, a tool combining Frida with an enhanced version of Tenet. synacktiv.com/publications/f…

Here we are! 🥷 Masters of pwn for the third time 🎉 Congratulations to all the ninjas involved! #Pwn2Own

Synacktiv is looking for an additional team leader for its Reverse-Engineering Team! Find out if you are a good candidate by reading our offer (🇫🇷). synacktiv.com/responsable-de…

The time has come, and with it your reading material for the week. Phrack #71 is officially released ONLINE! Let us know what you think! phrack.org/issues/71/1.ht…

A few months ago, the FreeBSD Foundation appointed us to audit two #FreeBSD critical components: the Bhyve hypervisor and the Capsicum sandboxing framework. Today, related advisories and patches have come out 🧵 1. Multiple vulnerabilities in libnv freebsd.org/security/advis…

Thank you everyone for having attended the finals, we really had fun commenting! 🥃 Huge congratulations to the competitors, it was a very stressful situation! 🥵 And it wouldn't have been possible without the amazing voydstack and Juju 💪

It's SteakOverflow today (by ESN'HACK)! Baptiste M. and Romaiη  present how they compromised the BC500 during #Pwn2Own

I've published the repo for Byepervisor (we love named vulns out here). Contains exploit implementation for two PS5 hypervisor bugs for 2.xx and lower. Slides from the talk + vod should hopefully be published soon. github.com/PS5Dev/Byeperv…

Rio After the first safari -> root chain we landed, I just sat there running it over and over in awe It’s very difficult to express that feeling, seeing months of complexity compressed down into a single moment….

Better late than never... My Hexacon 2023 slides for "Finding and Exploiting an Old XNU Logic Bug" and the exploit code (WITH THE ANIMATED ASCII ART 🥷🔪🍎!!!) are up synacktiv.com/sites/default/… / github.com/synacktiv/CVE-…

Last month Arizona State University I presented my work on formalizing automated bug discovery, developing a framework to characterize the full spectrum of approaches - from fuzzing to human analysis. I'm sharing my evolving perspective on the fundamental nature of the bug finding problem. Full

In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. F4b took a long journey down a rabbit hole to understand its root cause. synacktiv.com/en/publication…

A successful collision! Corentin BAYET (cbayet) from REverse_Tactics used 2 bugs to exploit ESXi, but the Use of Uninitialized Variable bug collided with a prior entry. His integer overflow was unique though, so he still earns $112,500 & 11.5 Master of Pwn points. #Pwn2Own

Confirmed! Thomas Bouzerar (Major_Tom) and Etienne Helluy-Lafont from Synacktiv (Synacktiv) used a heap-based buffer overflow to exploit #VMware Workstation. They earn $80,000 and 8 Master of Pwn points - sending the contest to over $1,000,000 total! #Pwn2Own

Userland iOS aficionados, I released a simple IDA plugin that should improve your Objective-C experience. For now it removes ARC function calls in decompiled code (eg objc_retain) and helps listing candidate callers to a method. Check it out at github.com/synacktiv/objc…

The latest Synacktiv Summer Challenge was in 2019, and after 6 years, it's back! Send us your solution before the end of August, there are skills to learn and prizes to win 🎁 synacktiv.com/en/publication…

Linux kernel: a new feature has landed in this release Jann Horn: