Just wrapped up two fantastic training sessions at #Hexacon! A big thank you to everyone who joined us for our deep dives into Active Directory/Azure and iOS internals. It was great to share knowledge and learn together!

During a recent engagement, Justin Bollinger discovered how an attacker can craft a CSR by using default system certificates. After finding out this method was novel, the team kept digging. Read what they found in our new #blog! hubs.la/Q02SCqpG0

Administrator Protection, introduced in the latest Windows Insider Canary build, is a solid security enhancement... uhh.. really?? can be bypassed with Antonio Cocomazzi's clever SspiUacBypass tool. Check it out here: github.com/antonioCoco/Ss…

Hi! We'd like to share our new research with you. You've probably heard about COM Hijacking, but we've found another way of persistence via COM. Typelib! Read the article here: medium.com/@cicada-8/hija…

Octoscan, our GitHub actions vulnerability scanner, is now available as a GitHub action! It will find vulnerabilities in new commits and pull requests, and upload it to GitHub as it now supports the SARIF file format! github.com/synacktiv/acti…

Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏 Check out our latest blogpost by Hugow to discover how to perform this attack: synacktiv.com/publications/r…

SCCMSecrets.py. SCCM policies exploitation tool, by Quentin Roland github.com/synacktiv/SCCM…

Coffee break thoughts: "is it possible to bruteforce RPC endpoint to perform code exec if you can't access EPM/SMB?" 99% impacket atexec + 1% "for loop" = 100% prod ready gist.github.com/ThePirateWhoSm… (silent command only) h/t SAERXCIT 🌻

I am excited to share with you my latest research - "DCOM Upload & Execute" An advanced lateral movement technique to upload and execute custom payloads on remote targets Forget about PSEXEC and dive in! deepinstinct.com/blog/forget-ps… github.com/deepinstinct/D…

You can now relay any protocol to SMB over Kerberos with krbrelayx.py and the latest PRs from Hugow. Thanks Dirk-jan for merging it! Here is an example from SMB to SMB:

You can now use LDAP/LDAPs protocols with the SOCKS proxy of ntlmrelayx thanks to the PR from Pierre Milioni (now merged upstream). Here is an example with ldeep using relayed authentication from HTTP to LDAPs :

I'm out, see you on the other side : bsky.app/profile/kevint…

Our ninjas are attending SO-CON! Come and say hi 👋

For the second year in a row, we managed to get first place at the #HackTheBox Business #CTF 2025! 🥇 Congratulations to GMOサイバーセキュリティ byイエラエ株式会社【公式】 and Downscope and thanks to Hack The Box for the fun challenges! 🥳

To those who set the bar 🥂 Global Cyber Skills Benchmark 2025 is over, and the leaderboard has spoken. Huge congrats to the top corporate #cybersecurity teams who crushed it in this global competition: 🥇 Synacktiv 🥈 GMOセキュリティ24 |Webサイトリスク・パスワード漏洩診断 | セキュリティAI相談 🥉 downscope.org #HackTheBox

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by Guillaume André and Wil. synacktiv.com/publications/n…

Check out how I discover CVE-2025-33073 : RCE with NTLM reflectiv attack allowing authenticated user to compromise any machine without SMB signing enforced !

🚨 Les experts français de Synacktiv transforment le Thermomix en démonstration de hacking :) Manipulation de température, messages personnalisés... tout est possible ! On vous raconte ça 👉 clubic.com/actualite-5728… #thermomix

🔥 A few hours ago our experts took the stage at #DEFCON33, sharing cutting-edge research on SCCM exploitation and modern GPO attacks in Active Directory. Proud of the team! 🙌 cc kalimero Quentin Roland Wil

Our ninjas are in Vienna for the T-REX conference! 🎤 Kévin Tellier delivered a session exploring advanced Red Team lateral movement techniques built on DCOM - a great opportunity to exchange practices with fellow experts. Thank you to the OeNB for hosting such a great event!