vdehors (@vdehors) 's Twitter Profile
vdehors

@vdehors

ID: 1144670037099368448

calendar_today28-06-2019 18:12:58

90 Tweet

1,1K Followers

213 Following

Synacktiv (@synacktiv) 's Twitter Profile Photo

To facilitate reverse-engineering of large programs, vulnerability research and root-cause analysis on iOS, Android, and other major platforms, myr and Hexa released Frinet, a tool combining Frida with an enhanced version of Tenet. synacktiv.com/publications/f…

Alex Plaskett (@alexjplaskett) 's Twitter Profile Photo

1/ Pwn2Own automotive was my first time looking into automotive security. From this really limited perspective it was immediately obvious is that the majorly of targets within the competition didn’t have a crazy high security posture (probably excluding Tesla - as that’s a total

Trend Zero Day Initiative (@thezdi) 's Twitter Profile Photo

Confirmed!!! The Synacktiv team used a single integer overflow to exploit the #Tesla ECU with Vehicle (VEH) CAN BUS Control. The win $200,000, 20 Master of Pwn points, and a new Tesla Model 3 (their second!). Awesome work as always. #Pwn2Own #P2OVancouver

Confirmed!!! The <a href="/Synacktiv/">Synacktiv</a> team used a single integer overflow to exploit the #Tesla ECU with Vehicle (VEH) CAN BUS Control. The win $200,000, 20 Master of Pwn points, and a new Tesla Model 3 (their second!). Awesome work as always. #Pwn2Own #P2OVancouver
Trend Zero Day Initiative (@thezdi) 's Twitter Profile Photo

Wow. Manfred Paul was able to demo his exploit with sandbox escape on #Mozilla Firefox. If confirmed, that puts him in the lead for Master of Pwn. It also means he has exploited #Chrome, #Edge, #Safari, and #Firefox in two days. Just amazing work. #Pwn2Own

Lau (@notselwyn) 's Twitter Profile Photo

Exciting news! 🚀 Just dropped my blogpost unveiling the universal Linux kernel LPE PoC for CVE-2024-1086 (working on v5.14 - v6.7) used for pwning Debian, Ubuntu, and KernelCTF Mitigation instances, including novel techniques like Dirty Pagedirectory 🧵 pwning.tech/nftables

Synacktiv (@synacktiv) 's Twitter Profile Photo

Our ninjas will be at #OffensiveCon by the end of the week. Don't miss our 3 talks: 🧭Escaping the Safari Sandbox by Quentin M 🚘0-Click RCE on the Tesla Infotainment by vdehors and David B 🗝️Open Sesame by Lucas Georges See you there 👋

Hexacon (@hexacon_fr) 's Twitter Profile Photo

A few tickets for #HEXACON2024 are still on sale, don't miss them! Register for our top-notch trainings and learn from the best in the industry 🎓 hexacon.fr/register/

A few tickets for #HEXACON2024 are still on sale, don't miss them!

Register for our top-notch trainings and learn from the best in the industry 🎓

hexacon.fr/register/
Ken Shirriff (@kenshirriff) 's Twitter Profile Photo

To use the Montreal subway, you tap a paper ticket against the turnstile and it opens. But how does it work? And how can the ticket be so cheap that it's disposable? I opened up the tiny NFC chip inside to find out more... 1/15

To use the Montreal subway, you tap a paper ticket against the turnstile and it opens. But how does it work? And how can the ticket be so cheap that it's disposable? I opened up the tiny NFC chip inside to find out more... 1/15
chompie (@chompie1337) 's Twitter Profile Photo

The past year has been amazing. From marriage, to Pwn2Own to a Pwnie Award, I'm so grateful. I'm using the money I've won from hacking competitions, bounties, & RB for two ppl to travel & attend Hexacon, the premier offensive security con in Paris, France. forms.gle/zt9RaR7EEvTxWG…

Synacktiv (@synacktiv) 's Twitter Profile Photo

A few months ago, the FreeBSD Foundation appointed us to audit two #FreeBSD critical components: the Bhyve hypervisor and the Capsicum sandboxing framework. Today, related advisories and patches have come out 🧵 1. Multiple vulnerabilities in libnv freebsd.org/security/advis…

Synacktiv (@synacktiv) 's Twitter Profile Photo

Right before #Pwn2Own Ireland 2024, Baptiste M. found a vulnerability in Synology TC500 & BC500 security cameras. A blind format string exploit allowed code execution, but Synology patched it, securing the devices in time for the competition. synacktiv.com/publications/e…

Raspberry Pi (@raspberry_pi) 's Twitter Profile Photo

Security through transparency: all chips have vulnerabilities, and most vendors' strategy is not to talk about them. In contrast, we aim to find and fix them. Read the results of our RP2350 Hacking Challenge: rpltd.co/rp2350-challen…

Security through transparency: all chips have vulnerabilities, and most vendors' strategy is not to talk about them. In contrast, we aim to find and fix them. 

Read the results of our RP2350 Hacking Challenge: rpltd.co/rp2350-challen…
Trend Zero Day Initiative (@thezdi) 's Twitter Profile Photo

And that’s a wrap! #Pwn2Own Automotive 2025 is complete. In total, we awarded $886,250 for 49 0-days over the three day competition. With 30.5 points and $222,250 awarded, Sina Kheirkhah (SinSinology) of Summoning Team (SummoningTeam) is our Master of Pwn. #P2OAuto

And that’s a wrap! #Pwn2Own Automotive 2025 is complete. In total, we  awarded $886,250 for 49 0-days over the three day competition. With 30.5  points and $222,250 awarded, Sina Kheirkhah (<a href="/SinSinology/">SinSinology</a>) of Summoning Team (<a href="/SummoningTeam/">SummoningTeam</a>) is our Master of Pwn. #P2OAuto
Synacktiv (@synacktiv) 's Twitter Profile Photo

Hunters International RaaS group has claimed 280+ victims since Oct 2023. Check out our latest blog post on the TTPs they use, including SMOKEDHAM malvertising & ESXi ransomware with advanced obfuscation. #RaaS #CyberSecurity #ThreatAnalysis synacktiv.com/en/publication…

Xeno Kovah (@xenokovah) 's Twitter Profile Photo

I’ve posted a detailed explanation of why the claimed ESP32 Bluetooth chip “backdoor” is not a backdoor. It’s just a poor security practice which is found in other Bluetooth chips by vendors like Broadcom, Cypress, and Texas Instruments too. darkmentor.com/blog/esp32_non…

Rémi J. (@netsecurity1) 's Twitter Profile Photo

🚨 Interested in Windows kernel exploitation? Our SSTIC 2025 talk on the Shadow Stack implementation in the Windows kernel is now online! 📄 Paper: sstic.org/media/SSTIC202… 📑 Slides: sstic.org/media/SSTIC202…