F4b

Congrats to tek and anyfun for landing the first successful entry at #Pwn2OwnCork - exploiting a stack overflow on Synology BeeStation Plus for $40,000 and 4 Master of Pwn points in the process 💥

Let’s keep pushing 💪

#P2OIreland #Synacktiv

Quantum readiness: Hybridizing key exchanges Quantum readiness: Hybridizing key exchanges

Our post-quantum cryptography series continues!

This new article by @bluesheeet.bsky.social unpacks the hybridization of key exchanges, covering theory and implementations.

Read all about why it matters, how to approach it safely, and some misconceptions here 👇
www.synacktiv.com/en/publicati...

LinkPro: new stealthy #Linux rootkit based on eBPF 🔍️

Our #CSIRT team discovered and named LinkPro, a new Linux rootkit, during an incident response. It exploits eBPF for evasion and persistence.
Here are the four key technical points in the image below. 💡

🔗 www.synacktiv.com/en/publicati...

That's a wrap for Hexacon 2025!

We hope that you've enjoyed the event at least as much as we did 🤩

Please take a moment to fill out our satisfaction survey and help us make Hexacon 2026 even better 🔥

Thank you for trusting us year after year 🙏

🎯 New training session: #ActiveDirectory Intrusion Tactics – Advanced Level
5 intense days diving into advanced AD intrusion techniques.

Don’t miss our upcoming offensive #cybersecurity courses!
🔗 www.synacktiv.com/en/offers/tr...

LLM Poisoning [1/3] - Reading the Transformer's Thoughts LLM Poisoning [1/3] - Reading the Transformer's Thoughts

LLM Poisoning [1/3]: Local LLMs are vulnerable to supply chain attacks.
Inject a trigger-activated Trojan in a LLM. First step, build a probe to read a transformer's pre-down MLP activations to detect your chosen trojan trigger.

🔗 Full article www.synacktiv.com/en/publicati...

#LesAssises2025, here we go 🚀

Come and meet us at 𝘀𝘁𝗮𝗻𝗱 𝗙𝟮𝟴 to discuss your challenges and find out how we can strengthen your #cyber posture.
Adrien, Augustin and Neder will be on hand to answer all your questions and share their insights.

Seeing you there 🤝

A look back at our ninjas' first day at @hexacon.bsky.social !

We are proud of our experts Quentin and Etienne, who are leading the ‘iOS for Security Engineers’ training course.
At the same time, Matthieu and Paul are hard at work on the ‘Azure intrusion for red teamers’ training course 🚀

📢"Paint it Blue: Attacking the Bluetooth stack" by Mehdi Talbi and Etienne Helluy-Lafont

Tick tock... 7 days to go until #Hexacon2025 kicks off ⏳

The @synacktiv.com team can't wait to see you at this crucial event for the #cyber ecosystem.
Our experts will be on hand to discuss the latest innovations in pentesting and reverse engineering with you !

ℹ️ www.hexacon.fr

What could go wrong when MySQL strict SQL mode is off? What could go wrong when MySQL strict SQL mode is off?

In our new blogpost, Alexandre Z. shows how one can abuse Unicode characters to bypass filters and abuse shell globbing, regexp, HTTP query parameters or WAFs when #MySQL strict SQL mode is off 👇
www.synacktiv.com/en/publicati...

Join us on 24 November for the Azure Intrusion Tactics training course 🛡️

Learn offensive techniques for compromising Azure environments. Realistic scenarios, stealthy approaches and cutting-edge expertise.

Information & registration 👇
www.synacktiv.com/en/offers/tr...

Last sponsor to announce: Synacktiv! 🥷

@synacktiv.com strives to help firms evaluate and improve their IT security, everybody there is working to make it the 🇫🇷 standard in offensive security.

There will a be a lot of ninjas lurking around, feel free to reach them out!

📢"Inside Apple Secure Enclave Processor in 2025" by Quentin Salingue

Sharing is caring ❤️ This month, our ninjas presented their research all over the world to the offsec community!

Links and more details below 👇️

Quantum readiness: Hybridizing signatures Quantum readiness: Hybridizing signatures

Missed our post-quantum cryptography series?
In our latest article, we explore cryptographic hybridization, with a focus on digital signatures.
Learn how to ensure a safe transition and avoid basic implementations pitfalls here👇
www.synacktiv.com/en/publicati...

The Phantom Extension: Backdooring chrome through uncharted pathways The Phantom Extension: Backdooring chrome through uncharted pathways

How safe is your browser?
Our ninja, Riadh Bouchahoua, uncovers how attackers can exploit Chromium extension loading to steal data, maintain persistent access, and breach confidentiality on Chromium-based browsers.
Read more here ⬇️
www.synacktiv.com/en/publicati...

Exploring GrapheneOS secure allocator: Hardened Malloc Exploring GrapheneOS secure allocator: Hardened Malloc

A technical look at @grapheneos.org Hardened Malloc, a memory allocator designed to mitigate heap corruption vulnerabilities (UAF, overflows) and break common exploit primitives.
Deep dive for security researchers & exploit developers by @nicoski.bsky.social
www.synacktiv.com/en/publicati...

This summer @synacktiv.com organized an interesting challenge: the aim was to craft a container image as small as possible which replicated itself (i.e. an OCI Image Quine), bsky.app/profile/syna....
I am now publishing a write-up of what I did (Rust/asm/code golfing/...): github.com/fishilico/sy...

DCOM is everywhere, but its inner workings feel like black magic. 🪄 Unveil the mystery with @kevintell.bsky.social's new article on DCOM basics. Trust us, it's way cooler than it sounds!

www.synacktiv.com/en/publicati...

Aaaand the first talk to be announced is... 🥁

Exploiting the Undefined: PWNing Firefox by Settling its Promises by Tao Yan & Edouard Bochin

Hexacon - Conference – Speakers Discover the accepted talks for this edition!

🚨 Time to reveal our first-class lineup for HEXACON 2025! ✨

A few training spots are still available if you want to join the party! 🎉
Unfortunately, trainings + conference packs are sold out

www.hexacon.fr/conference/s...

🧑‍🎓 Boost your offensive Active Directory skills with our Entry & Advanced trainings. Hands-on labs with dozens of machines + latest research from DEFCON, x33fcon & more! Seats are limited, don’t miss out!
🔗 Entry: www.synacktiv.com/en/offers/tr...
🔗 Advanced: www.synacktiv.com/en/offers/tr...

🚀 Grab your seat for Sept 29! 🚀
Join our Cloud Intrusion Tactics training for a hands-on overview of offensive security across AWS, Azure, GCP & Kubernetes. Seats are limited, don’t miss out! 👉 www.synacktiv.com/en/offers/tr...

⚡️ Ready for some Rust ⚙️ + hacking 🕵️‍♂️? Two of our ninjas will land in Florence 🇮🇹 for #rustLab2025!

📅 Nov 2–4 🔥 Workshop: Network Interception in Rust – Build a MITM Tool from Scratch

Hands-on. Real packets. Real fun. 👉 rustlab.it/talks/networ...

We’re thrilled to announce Donncha Ó Cearbhaill (@donncha.is) as our keynote speaker for HEXACON 2025! 💥

No doubt he has plenty of juicy stories up his sleeve 👾

Extraction of Synology encrypted archives - Pwn2Own Ireland 2024 Context During Pwn2Own Ireland 2024 we targeted the BeeStation BST150-4T a NAS from Synology.

We've just released a tool to decrypt all Synology encrypted archives! We used it to compare SynologyPhotos versions and highlight our #Pwn2Own Ireland 2024 vulnerability on the BeeStation BST150-4T. Check out our blog post for more details.
www.synacktiv.com/en/publicati...

🔥 A few hours ago our experts took the stage at #DEFCON33, sharing cutting-edge research on SCCM exploitation and modern GPO attacks in Active Directory. Proud of the team! 🙌 cc @kalimer0x00.bsky.social @quent0x1.bsky.social @wilfri3d.bsky.social