🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

The first ever #Pwn2Own Automotive is in the books! We awarded $1,323,750 throughout the event and discovered 49 unique zero-days. A special congratulations to @synacktiv, the Masters of Pwn! Stay with us here and at the ZDI blog as we prepare for Pwn2Own Vancouver in March.

Take a break and read our new #PluginFocus article! Martin Perier and Louis Jacotot from Synacktiv introduce Frinet – a combination of a Frida-based tracer that supports iOS, Android, Linux, Windows with an enhanced version of the Tenet trace explorer 🌐 hex-rays.com/blog/plugin-fo…

Most impressive! The ninjas from Synacktiv needed less that 30 seconds to demonstrate their exploit on the Tesla ECU with Vehicle (VEH) CAN BUS Control. The attempt was done in an RF enclosure to ensure no passers by were impacted. #Pwn2Own

Confirmed!!! The Synacktiv team used a single integer overflow to exploit the #Tesla ECU with Vehicle (VEH) CAN BUS Control. The win $200,000, 20 Master of Pwn points, and a new Tesla Model 3 (their second!). Awesome work as always. #Pwn2Own #P2OVancouver

0-Click RCE on the Tesla Infotainment Through Cellular Network by David B and vdehors offensivecon.org/speakers/2024/…

Open Sesame: Stack Smashing Your Way into Opening Doors by Lucas Georges offensivecon.org/speakers/2024/…

So proud to talk for the first time at offensivecon about how fun it is to escape the Safari sandbox!

Here we are! Time for Quentin M talk at #OffensiveCon 🧭

Our second talk is about pwning the Tesla Infotainment in 0-click, by vdehors and David B

Finally, Lucas Georges is on stage to present how he got RCE over RFID

Ticket sales for #HEXACON2024 are now OPEN! 📆 4th & 5th of October 2024 🎫 Standard price: 1210€ 🎟 Reduced price: 660€ hexacon.fr/register/

We're at SSTIC! For our first talk, myr and Hexa present Frinet (github.com/synacktiv/frin…)

"0-click RCE on Tesla Model 3 through TPMS Sensors" 🚗 by David BERARD (@_p0ly_) & Thomas Imbert (Mastho)

A few months ago, the FreeBSD Foundation appointed us to audit two #FreeBSD critical components: the Bhyve hypervisor and the Capsicum sandboxing framework. Today, related advisories and patches have come out 🧵 1. Multiple vulnerabilities in libnv freebsd.org/security/advis…

The report of the #FreeBSD audit conducted by Mastho and JB Cayrou is finally out! freebsdfoundation.org/blog/strengthe…

Hope you didn't miss voydstack rump!

In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. F4b took a long journey down a rabbit hole to understand its root cause. synacktiv.com/en/publication…

The last Sthack talk was David B talking about the Tesla WallConnector ⚡️

🚗🔌 We reverse engineered the Tesla Wall Connector and uncovered a previously undocumented attack surface via the charging cable. From protocol analysis to code execution, a Pwn2Own Automotive 2025 exploit write-up. synacktiv.com/en/publication…

If you are planning to learn about iOS, don't miss this training. Quentin and Etienne are exceptional researchers. No CVE ≠ no 0-days 😉😇