🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

That’s a wrap for #P2OVancouver! Contestants disclosed 27 unique 0-days and won a combined $1,035,000 (and a car)! Congratulations to the Masters of Pwn, Synacktiv, for their huge success and hard work! They earned 53 points, $530,000, and a Tesla Model 3. #Pwn2Own

Team Synacktiv: Eloi Benoist-Vanderbeken Eloi Benoist-Vanderbeken, David Berard David B, Vincent Dehors vdehors, Tanguy Dubroca Sideway, Thomas Bouzerar Major_Tom, and Thomas Imbert Mastho. They also receive a $25,000 bonus and Platinum status in 2024.

Part 2 - Attacking the compiler process: cturt.github.io/mast1c0re-2.ht… Ultimately I didn't finish the exploit, but hopefully it's still interesting, and maybe we will see a full exploit implementation from someone else in the future.

[ZDI-23-486|CVE-2023-21988] (Pwn2Own) Oracle VirtualBox GPA Request Handling Uninitialized Memory Information Disclosure Vulnerability (CVSS 6.0; Credit: Major_Tom from Synacktiv) zerodayinitiative.com/advisories/ZDI…

🔪💻 Finding and exploiting an old XNU logic bug, by Eloi Benoist-Vanderbeken (Eloi Benoist-Vanderbeken)

📦 Breaking Out of the Box: Technical analysis of VirtualBox VM escape with Windows LPE, by Thomas Bouzerar (Major_Tom) and Thomas Imbert (Mastho)

kfd, short for kernel file descriptor, is a project to read and write kernel memory on Apple devices: github.com/felix-pb/kfd

As announced at #FIC, Synacktiv is opening a new office in the center of #lille with a team of 7 ninjas. All our positions are now open in Lille 📍7 Boulevard Louix XIV. If you want to join us : [email protected]

The program for GreHack is out with 3 Synacktiv talks! 🖥️ Virtualization from an attacker Point-Of-View: cbayet & Major_Tom 🚘 Unlocking the Drive: Exploiting Tesla Model 3: David B & vdehors 🐧 Ubuntu Shiftfs: Unbalanced Unlock Exploitation Attempt: JB Cayrou

Now, Mastho and Major_Tom are on stage to present their VirtualBox chain used during #Pwn2Own

🎥 Recordings of #HEXACON2023 talks are now available on our YouTube channel: youtube.com/channel/UCtzuV…

For the second talk of the day, cbayet and Major_Tom present their methodology on attacking virtualization solutions. #GreHack23

Here we are! 🥷 Masters of pwn for the third time 🎉 Congratulations to all the ninjas involved! #Pwn2Own

Decided to publish PPPwn early. The first PlayStation 4 Kernel RCE. Supporting FWs upto 11.00. github.com/TheOfficialFlo…

Feels great when an idea can finally be tested and works out after like a year :) Shouts to ChendoChap for working out the ROP chain. Protip: staying < 3.00 is a good idea.

I've published the repo for Byepervisor (we love named vulns out here). Contains exploit implementation for two PS5 hypervisor bugs for 2.xx and lower. Slides from the talk + vod should hopefully be published soon. github.com/PS5Dev/Byeperv…

In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. F4b took a long journey down a rabbit hole to understand its root cause. synacktiv.com/en/publication…

A successful collision! Corentin BAYET (cbayet) from REverse_Tactics used 2 bugs to exploit ESXi, but the Use of Uninitialized Variable bug collided with a prior entry. His integer overflow was unique though, so he still earns $112,500 & 11.5 Master of Pwn points. #Pwn2Own

Boom! Thomas Bouzerar (Major_Tom) and Etienne Helluy-Lafont from Synacktiv (Synacktiv) close out #Pwn2Own in style with a guest-to-host escape in VMware Workstation. If confirmed, it will put the total contest payout at over $1,000,000! #Pwn2Own

Confirmed! Thomas Bouzerar (Major_Tom) and Etienne Helluy-Lafont from Synacktiv (Synacktiv) used a heap-based buffer overflow to exploit #VMware Workstation. They earn $80,000 and 8 Master of Pwn points - sending the contest to over $1,000,000 total! #Pwn2Own