On stage at #x33fcon for the lightning talks! Web payloads management, EDR bypasses and insights into CVE-2025-33073🔥

12.06.2025 11:02 — 👍 4    🔁 2    💬 0    📌 0

It's now time for @matthieub.bsky.social and @b-paul.bsky.social to present Azure conditional access policies ☁️ #SSTIC2025

05.06.2025 12:35 — 👍 7    🔁 4    💬 0    📌 0

Last chance to grab early bird tickets for our Azure Intrusion training at #BHUSA 2025! Join us in Las Vegas for 100% offensive, hands-on content showcasing real-world attack techniques against modern Azure environments! @blackhatevents.bsky.social outline at www.blackhat.com/us-25/traini...

19.05.2025 13:03 — 👍 2    🔁 3    💬 0    📌 0

Azure intrusion for red teamers

by Paul Barbé & Matthieu Barjole

www.hexacon.fr/trainer/barb...

15.04.2025 14:46 — 👍 8    🔁 8    💬 0    📌 1

Hack the channel: A Deep Dive into DVB Receiver Security Introduction During a garage cleaning, we found a DVB receiver and thought it would be a great target for vulnerability research.

From firmware dumps to wireless exploration — check out our latest dive into DVB receiver analysis and the hidden attack surface it exposes!
www.synacktiv.com/en/publicati...

09.04.2025 06:36 — 👍 11    🔁 11    💬 0    📌 0

Want to master cutting-edge techniques for attacking Azure?
Join us this summer at @blackhatevents.bsky.social in Vegas for a deep dive into red teaming on Azure, M365, Azure DevOps, and hybrid infrastructures.
Early bird tickets available until May 23rd!
www.blackhat.com/us-25/traini...

17.03.2025 16:16 — 👍 15    🔁 8    💬 0    📌 1

Taking the relaying capabilities of multicast poisoning to the next level: tricking Windows SMB clients into falling back to WebDav

In our latest article, @croco-byte.bsky.social and @scaum.bsky.social demonstrate a trick allowing to make Windows SMB clients fall back to WebDav HTTP authentication, enhancing the NTLM and Kerberos relaying capabilities of multicast poisoning attacks!
www.synacktiv.com/publications...

27.02.2025 10:21 — 👍 10    🔁 5    💬 0    📌 0

Exciting news, our Offensive Azure training has been accepted at #x33fcon! 🥳 Can’t wait to see you there and dive into the latest techniques for attacking Azure environments!

19.02.2025 11:00 — 👍 5    🔁 2    💬 0    📌 0

Fortimanager multiple vulnerabilities Fortimanager multiple vulnerabilities

In 2024, Fortinet deployed several patches for CVE-2023-42791 and CVE-2024-23666, discovered by @aeinot.bsky.social, @b-paul.bsky.social and load. These vulnerabilities allow, from read-only access to a FortiManager, to execute code as root and thus take control of all managed FortiGates.

18.02.2025 12:25 — 👍 8    🔁 3    💬 0    📌 1

NFS Security: Identifying and Exploiting Misconfigurations Understand security features, misconfigurations and technical attacks on NFS shares. Explore tools to analyze NFS endpoints and abuse misconfigurations.

www.hvs-consulting.de/en/nfs-secur...

24.01.2025 22:23 — 👍 0    🔁 0    💬 0    📌 0

Yay! Our offensive Azure training was accepted at BlackHat USA 2025 🥳 Can't wait to see you there and share cutting-edge techniques for attacking Azure environments!

20.01.2025 09:24 — 👍 9    🔁 7    💬 0    📌 0

GitHub - JumpsecLabs/TokenSmith: TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tok... TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tokens generated working out ...

github.com/JumpsecLabs/...

23.01.2025 07:47 — 👍 0    🔁 0    💬 0    📌 0

Local privilege escalation in Windows Velociraptor service Local privilege escalation in Windows Velociraptor service

A few weeks ago, Rapid7 released a new version of #Velociraptor to patch CVE-2024-10526, a local privilege escalation discovered by jbms. You can read the advisory here:
www.synacktiv.com/advisories/l...

22.11.2024 17:23 — 👍 15    🔁 8    💬 0    📌 0