We did it 😃! What a blast to be part of a team able to claim the title of Master of Pwn! Kudos to all other participants and to Trend Zero Day Initiative for the flawless organization. Let’s wait for the patches, then we’ll share the technical details with the community 🤙

PhD candidate in Programming Languages nearing thesis submission looking for (ideally remote) positions from Oslo, Norway. Some topics I'm interested in are compilers, verification, security, and cryptography. DM for resume! RTs appreciated😊

Croissants, red wine and high-quality offensive security talks in a wonderful place? That's all the Hexacon team is promising for October 2022. Details and Call For Papers are coming very soon... Until then, a bit more teasing for you folks: hexacon.fr #HEXACON2022

SAVE THE DATE - Mardi 11 octobre 20h00 - 01h Pour prendre vos places, c'est ici à 18h: helloasso.com/associations/s…

[INTERNSHIPS 🇫🇷] We just published our offers for the 2022-2023 season! We're ready to be flooded by your resumes 😆 Apply now! #pentest #reverse #dev #infra #dfir synacktiv.com/nous-rejoindre…

Content de participer en tant que speaker à cette première édition de Sécur'Insa ! Il est temps de partager l'expérience acquise à Synacktiv :)

Today I share with you #RustHound🦀. A new AD collector written in #Rust for #BloodHound! It is cross-platform, cross-compiled and generates all json files needed. Other modules will be available as under development!🔥 Hope you will enjoy it! github.com/OPENCYBER-FR/R…

.rar 0x1 c'est fini! Merci pour votre présence ! Nous remercions encore une fois Synacktiv, qui nous a fait confiance, pour notre premier événement. Également les intervenants pour leur supers conférences. ⬇️👀📸Laluka@OffenSkill

J'ai eu l'occasion de donner mon premier talk "Attacking SUID binaries" à RumpÀRennes mardi soir ! Merci à Sécur'Insa pour cette première édition organisée avec soins, je reviendrai avec plaisir :)

Definitely spent a very good time at Hexacon! Amazing place, high quality talks and great people, what else could be said?

Watchout! CVE-2023-22809 on Sudo was patched today to prevent a privilege escalation on sudoedit. Read the security advisory by aevy and vic: synacktiv.com/sites/default/…

🍏iOS is all the rage nowadays: that's where the good stuff is located for nation-state attackers and  is gulping down every world-class researcher it can hire … Bootstrap your iOS research at #HEXACON2023 thanks to vic and Etienne Helluy-Lafont: hexacon.fr/trainer/cutill…!

[ZDI-23-900|CVE-2023-35001] (Pwn2Own) Linux Kernel nftables Incorrect Pointer Scaling Local Privilege Escalation Vulnerability (CVSS 7.8; Credit: Tanguy DUBROCA (Sideway) from Synacktiv (Synacktiv)) zerodayinitiative.com/advisories/ZDI…

Sometimes simple is best. See how Sideway exploited a 9-year-old Linux kernel bug at #Pwn2Own Vancouver 2023! synacktiv.com/publications/o…

To facilitate reverse-engineering of large programs, vulnerability research and root-cause analysis on iOS, Android, and other major platforms, myr and Hexa released Frinet, a tool combining Frida with an enhanced version of Tenet. synacktiv.com/publications/f…

Our ninja Mastho solved a tough challenge during PotluckCTF with an ingenious approach: he built a decompiler for a custom ISA by lifting instructions to Binary Ninja IL. Read the "Pot of Gold" write-up (kudos to blasty for creating the challenge): synacktiv.com/publications/l…

Have you ever wondered what the attack surface of Counter Strike: Global Offensive looks like? Our ninjas myr and vic studied it and found a server to client bug! Read more details about this research in our latest blogpost. synacktiv.com/publications/e…

Userland iOS aficionados, I released a simple IDA plugin that should improve your Objective-C experience. For now it removes ARC function calls in decompiled code (eg objc_retain) and helps listing candidate callers to a method. Check it out at github.com/synacktiv/objc…