🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Really proud to have 3 talks accepted for offensivecon! Congratz Quentin M, vdehors, David B and Lucas Georges 🥳 offensivecon.org/speakers/

Registration for trainings is now open! ⏳ Don't miss your chance to learn from the best and have a great time in Paris 🥐 hexacon.fr/register/

Finally found some time this weekend to work on an IDA plugin I've always wanted

Our ninjas will be at #OffensiveCon by the end of the week. Don't miss our 3 talks: 🧭Escaping the Safari Sandbox by Quentin M 🚘0-Click RCE on the Tesla Infotainment by vdehors and David B 🗝️Open Sesame by Lucas Georges See you there 👋

Our ninjas dzeta and aevy are ready to welcome our students for this week's training on cloud pentesting! 🇫🇷 From anonymous access to the compromise of GCP, AWS, Azure and Kubernetes environments, with hands-on practice on 4 different labs!

🎟️ The ticketing for #HEXACON2024 opens TODAY at 4PM (UTC+2) Don't miss your chance to secure your spot! hexacon.fr/register/

We're at SSTIC! For our first talk, myr and Hexa present Frinet (github.com/synacktiv/frin…)

Some of our ninjas are currently at #x33fcon! Come say hi 👋

Good news! We scheduled some french training sessions in the end of 2024. Come and get trained by our best ninjas about the following topics: Active Directory and Cloud Environments pentest. 🇫🇷More details here: synacktiv.com/en/offers/trai… Register at [email protected]

Want to know how we prevented some CI/CD supply chain attacks against Microsoft, FreeRDP, AutoGPT, Ant-Design, Cypress, Excalidraw and others? Read the second article in our series on exploiting GitHub Actions by Hugow. synacktiv.com/publications/g…

This is Olympic gold medal winning team! 😂

In our latest blogpost, Quentin Roland explores the inner workings of SCCM policies and introduces SCCMSecrets.py, a tool targeting secret policies in order to exploit misconfigurations, harvest credentials, and pivot across collections by impersonating legitimate clients.

Looking for offensive trainings for the end of the year? We've got french sessions for you! Come and get trained by our best ninjas on pentesting Active Directory (2 levels available), cloud environments and attacking some hardware! 🇫🇷 More details here: synacktiv.com/en/offers/trai…

#WineRump has started and Kévin Tellier is on stage to present DLHell

New script to dump the KCM database of recent versions of SSSD and convert Kerberos tickets to the standard CCACHE format to ease pass-the-cache: github.com/synacktiv/kcmd…

This year, we plan to give away 2 students tickets for #HEXACON2024! Reply to this post and we will draw the 2 winners in a week 🍀

Worried about attackers sneakily spying on your optical fibers ? Learn with @r3n1k how they operate, and how you can defeat them - for cheaper than a flagship smartphone ! synacktiv.com/publications/d…

Thanks a lot to Hexacon for hosting us! Big thanks to our wonderful trainers Jessica & Juliette for their intro to RE w Ghidra Jiska for her intro to iOS+Android debugging @cryptocorn for her training on firmware extraction & analysis. Sweet dreams of Ghidra and Frida 😌

GitLab recently released a patch for the Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409). Our ninjas Alexis Danizan and Pierre Milioni analyzed the patch and wrote the exploit code! github.com/synacktiv/CVE-…

And Baptiste M. is back for another talk: his journey into fixing a Nintendo Switch 🎮