David B. - _p0ly_

@pol-y.bsky.social

Security expert @Synacktiv

177 Followers  |  169 Following  |  1 Posts  |  Joined: 20.11.2024

Posts by David B. - _p0ly_ (@pol-y.bsky.social)

🎉 Big win at #Pwn2Own Cork!

@pol-y.bsky.social of #Synacktiv successfully breached the @Ubiquiti AI Pro surveillance system 🦈🎶

What a way to wrap up the challenge - congrats, @pol-y.bsky.social 💪

23.10.2025 12:35 — 👍 7    🔁 6    💬 0    📌 0
ScriptCase - Pre-Authenticated Remote Command Execution

A pre-auth RCE combining 2 critical vulnerabilities on the Production Environment extension of the PHP low-code website generator ScriptCase has been found by noraj and cabir. No upstream fix yet, please apply the workaround.
www.synacktiv.com/advisories/s...

04.07.2025 16:00 — 👍 3    🔁 2    💬 0    📌 0
Exploiting the Tesla Wall connector from its charge port connector An interesting attack surface Over the past few years, Synacktiv has been analyzing Tesla vehicles for the Pwn2Own competition.

🚗🔌 We reverse engineered the Tesla Wall Connector and uncovered a previously undocumented attack surface via the charging cable. From protocol analysis to code execution, a Pwn2Own Automotive 2025 exploit write-up.
www.synacktiv.com/en/publicati...

17.06.2025 14:27 — 👍 13    🔁 8    💬 0    📌 0
Hexacon25 Schedule, talks and talk submissions for Hexacon25

We're receiving a lot of requests to buy tickets, but the conference is sold out! Only tickets bundled with training are still available. You can also join the waiting list or submit a talk to our CFP (cfp.hexacon.fr/hexacon-2025/) 😉

Thank you all for your amazing support! 🙏

12.06.2025 08:34 — 👍 5    🔁 3    💬 1    📌 0

🔔 It is time to buy your HEXACON ticket!

💸 Discounted tickets are available (while supplies last) for students and professionals who do not receive support from their company. This approach is based on trust, but we may ask for proof.

www.hexacon.fr/register/

02.06.2025 13:59 — 👍 4    🔁 5    💬 0    📌 0

📢 Our Call For Papers is open until 14 July!

➡️ Details & benefits: www.hexacon.fr/conference/c...

Also, conference tickets will be on sale today at 4PM (UTC+2)

02.06.2025 10:04 — 👍 2    🔁 4    💬 0    📌 0
The last #Sth4ck talk was @pol-y.bsky.social talking about the Tesla WallConnector ⚡️

26.05.2025 07:06 — 👍 4    🔁 4    💬 0    📌 0

Our second talk of the day was Hooking Windows Named Pipes by Thomas

23.05.2025 11:08 — 👍 5    🔁 3    💬 0    📌 0

Time for our first talk at #Sth4ck! Vic presents his tips and tricks to reverse Objective-C code.

23.05.2025 08:26 — 👍 9    🔁 4    💬 0    📌 0
Hexacon - Register Offensive security conference organized by seasoned professionals, in the heart of Paris. 10-11th October 2025, save the date!

🛎 Training ticket sales for HEXACON 2025 open TODAY at 2PM UTC+2!

Limited spots available 🔥

www.hexacon.fr/register/

05.05.2025 11:38 — 👍 3    🔁 2    💬 0    📌 1
📅 Mark your calendars!

www.hexacon.fr

23.04.2025 13:37 — 👍 7    🔁 7    💬 0    📌 0
Hexacon - Trainings Offensive security conference organized by seasoned professionals, in the heart of Paris. 10-11th October 2025, save the date!

Time to start announcing our trainings for Hexacon 2025! 📣

📆 6th-9th October 2025
💶 4800€
📍 Near the conference
🎟 Registrations will open in May

www.hexacon.fr/trainings/

15.04.2025 14:38 — 👍 4    🔁 3    💬 0    📌 0
Hypervisor development for security analysis

by Satoshi Tanda

www.hexacon.fr/trainer/tanda/

15.04.2025 14:40 — 👍 3    🔁 2    💬 0    📌 0

AI Agents for Cybersecurity

by Richard Johnson (@richinseattle.bsky.social)

www.hexacon.fr/trainer/john...

15.04.2025 14:44 — 👍 7    🔁 3    💬 0    📌 0

Azure intrusion for red teamers

by Paul Barbé & Matthieu Barjole

www.hexacon.fr/trainer/barb...

15.04.2025 14:46 — 👍 8    🔁 8    💬 0    📌 1

Don't forget @bieresecutls.bsky.social on Wednesday 9th before THCon, first round of drinks is on us 🍻

07.04.2025 08:49 — 👍 6    🔁 4    💬 0    📌 0
Reverse engineering team lead

Synacktiv is looking for an additional team leader in Paris for its Reverse-Engineering Team!
Find out if you are a good candidate by reading our offer (🇫🇷).
www.synacktiv.com/responsable-...

28.03.2025 16:25 — 👍 7    🔁 6    💬 0    📌 0

📢 Next Bière&Sécu on Wednesday 9 April 🗓️ (the day before THCon)! Meet from 7 pm at the Rooster and Beer 🐔🍺
@synacktiv.com will buy the first round of beers 🍻.
There will be no presentation this time, but feel free to propose rump sessions at THCon 😉

03.03.2025 13:04 — 👍 2    🔁 4    💬 0    📌 1
I had so much fun designing and executing this attack, from hardware to software! Huge thanks to @thezdi.bsky.social for introducing such devices and attack vectors into the contest!

23.01.2025 19:50 — 👍 10    🔁 3    💬 0    📌 0
Confirmed! @Synacktiv used a logic bug as a part of their chain to exploit the Tesla Wall Connector via the Charging Connector. Their outstanding (and inventive) research earns them $45,000 and 7 Master of Pwn points. #P2OAuto #Pwn2Own

23.01.2025 09:54 — 👍 10    🔁 4    💬 1    📌 0

Wow. Just wow. The @synacktiv team was able to take over the #Tesla Wall Connector while having their exploit originate from the Charging Connector. To our knowledge, that's never been demonstrated publicly before. They head to the disclosure room with details. #P2OAuto #Pwn2Own

23.01.2025 07:41 — 👍 18    🔁 13    💬 1    📌 0
Poll - Bière&Sécu Toulouse - Framadate Framadate is an online service for scheduling a meeting or making decisions quickly and simply.

📣 Next Bière & Sécu Toulouse on Tuesday 4 February!
🗓️ Meet at the Rooster and Beer from 6:30 pm
👉 Please sign up on the Framadate: framadate.org/rZveOzrGMyNb...
🗣️ Contact us via Twitter, Bluesky or Discord if you have topics to present!

08.01.2025 12:46 — 👍 6    🔁 6    💬 0    📌 0
Pentest Cloud Day 1 Fundamentals: cloud terminology, infrastructure services, network topology, identity and access management, authentication mechanisms (OAuth), reminders of Linux security mechanisms (namespa

Kickstart 2025 with a cloud exploitation training like no other!
🚀 Join our experts on Feb 10th to master cutting-edge techniques in GCP, AWS, Azure & Kubernetes. Don't miss out! www.synacktiv.com/en/offers/tr...

07.01.2025 16:11 — 👍 4    🔁 3    💬 1    📌 0
You can now relay any protocol to SMB over Kerberos with krbrelayx.py and the latest PRs from Hugo Vincent.
Thanks @dirkjanm.io for merging it!
Here is an example from SMB to SMB:

12.12.2024 14:36 — 👍 11    🔁 5    💬 0    📌 0
Local privilege escalation in Windows Velociraptor service

A few weeks ago, Rapid7 released a new version of #Velociraptor to patch CVE-2024-10526, a local privilege escalation discovered by jbms. You can read the advisory here:
www.synacktiv.com/advisories/l...

22.11.2024 17:23 — 👍 15    🔁 8    💬 0    📌 0

We are now on #BlueSky! We'll start posting our news here too 😊

22.11.2024 15:46 — 👍 22    🔁 8    💬 1    📌 0