t0 (@___t0___)'s Twitter Profile

ID: 1005052071589105664

08-06-2018 11:41:01

511 Tweets

230 Followers

179 Following

Synacktiv (@synacktiv)

Right before #Pwn2Own Ireland 2024, Baptiste M. found a vulnerability in Synology TC500 & BC500 security cameras. A blind format string exploit allowed code execution, but Synology patched it, securing the devices in time for the competition. synacktiv.com/publications/e…

Denis Laskov 🇮🇱 (@it4sec)

From 10 meters, they can control your bicycle's gears: Multiple attack vectors on Shimano bicycles have been published. Useful for competitions & deadly for safety🛑🚴💥 PDF: "MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles" usenix.org/system/files/w…

Synacktiv (@synacktiv)

Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏 Check out our latest blogpost by Hugow to discover how to perform this attack: synacktiv.com/publications/r…

Maxwell ꓘ Dulin (Strikeout) (@dooflin5)

I taught a killer training of glibc malloc heap exploitation for several years. After some effort, the content is now open source and mostly ready to consume! Half of the videos are posted for the course. 🔥 github.com/SecurityInnova…

Synacktiv (@synacktiv)

A few months ago, Microsoft released a critical patch for CVE-2024-43468, an unauthenticated SQL injection vulnerability in SCCM/ConfigMgr leading to remote code execution, discovered by kalimero. synacktiv.com/advisories/mic…

Trend Zero Day Initiative (@thezdi)

Whew! It took two attempts but the Synacktiv team successfully exploited the #ChargePoint EV Charger and demonstrated signal manipulation over the connector. They are off to the disclosure room to go over how they did it. #P2OAuto #Pwn2Own

Trend Zero Day Initiative (@thezdi)

We're doomed! At least the #Kenwood IVI is since Synacktiv exploited the system and loaded a video of the classic FPS. They're off to the disclosure room to provide details on the exploit and why Doom isn't playable. #P2OAuto #Pwn2Own

Trend Zero Day Initiative (@thezdi)

Wow. Just wow. The @synacktiv team was able to take over the #Tesla Wall Connector while having their exploit originate from the Charging Connector. To our knowledge, that's never been demonstrated publicly before. They head to the disclosure room with details. #P2OAuto #Pwn2Own

Trend Zero Day Initiative (@thezdi)

Not surprising anyone, Synacktiv succeeds again. This time, they exploited the Sony XAV-AX8500. They head off to the disclosure room (again) to tell us how they did it. #P2OAuto #Pwn2Own

Trend Zero Day Initiative (@thezdi)

Confirmed! The Synacktiv team used a single buffer overflow to exploit the Autel MaxiCharger. They were also able to demonstrate signals being transmitted via the Charging Connector for the add-on. This work earns them $35,000 and 6 Master of Pwn points. #P2OAuto #Pwn2Own

Synacktiv (@synacktiv)

In our latest article, Quentin Roland proposes an implementation of a trick discovered by James Forshaw in his research. Discover how to perform pre-authenticated Kerberos relay over HTTP with our Responder and krbrelayx pull requests! synacktiv.com/publications/a…

Synacktiv (@synacktiv)

We've just updated our training catalog to include the latest additions, including a brand new course on ransomware investigations! Find all the dates and details at synacktiv.com/en/offers/trai…

Synacktiv (@synacktiv)

In our latest article, laxa revisits the secretsdump implementation, offering an alternative that avoids reg save and eliminates writing files to disk, significantly reducing the likelihood of triggering security alerts. Read the details at synacktiv.com/publications/l….

Synacktiv (@synacktiv)

In our latest article, Quentin Roland and Scaum demonstrate a trick that makes Windows SMB clients fall back to WebDAV HTTP authentication, enhancing the NTLM and Kerberos relaying capabilities of multicast poisoning attacks! synacktiv.com/publications/t…

Synacktiv (@synacktiv)

Interested in vulnerabilities in video games? 🎮 Tomtombinary presented critical flaws in Neverwinter Nights Enhanced Edition at #Hexacon, which could allow attackers to take control of players' computers. 🛡️ Check out the full details of these bugs!👇 synacktiv.com/en/publication…

Synacktiv (@synacktiv)

🚀 This week, Us3r777 & Pierre kick off our new Whitebox Vulnerability Research training! Students will dive into PHP, Java, and .NET, analyzing & exploiting 1-day vulnerabilities. Let’s get started! 💻🔍
