Mehdi Talbi's Avatar

Mehdi Talbi

@mtalbi.bsky.social

82 Followers  |  114 Following  |  2 Posts  |  Joined: 23.11.2024  |  1.6005

Latest posts by mtalbi.bsky.social on Bluesky

Post image

A big shout-out to the #Synacktiv team for their strong performance at the latest #Pwn2Own competition in Cork!
They proudly secured third place overall πŸ‘

Next stop: Tokyo for the upcoming edition πŸ‡―πŸ‡΅ πŸ‘€

More details on the targets and participants here ℹ️
www.zerodayinitiative.com/blog/2025/20...

31.10.2025 15:54 β€” πŸ‘ 3    πŸ” 3    πŸ’¬ 0    πŸ“Œ 0
Preview
Paint it blue: Attacking the bluetooth stack Paint it blue: Attacking the bluetooth stack

Following their presentation at @hexacon.bsky.social, @mtalbi.bsky.social & Etienne detail how they exploited CVE-2023-40129, a critical vulnerability affecting the Bluetooth stack in Android ⬇️

www.synacktiv.com/en/publicati...

27.10.2025 16:02 β€” πŸ‘ 6    πŸ” 5    πŸ’¬ 0    πŸ“Œ 0

Impressive exploitation strategy!!

bsky.app/profile/thez...

23.10.2025 15:44 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image Post image

Confirmed! David Berard of @synacktiv.com used a pair of bugs to exploit the Ubiquiti AI Pro in the Surveillance Systems category. The impressive display (incl. a round of Baby Shark) earns him $30,000 and 3 Master of Pwn Points. #Pwn2Own

23.10.2025 13:31 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 1

πŸŽ₯ Eyes wide shut! David Berard of @synacktiv.com just breached the @Ubiquiti AI Pro surveillance system at #Pwn2Own. He also serenaded us with round of "Baby Shark" played through the speaker. He's off to the disclosure room with an ear worm and the details.

23.10.2025 11:10 β€” πŸ‘ 3    πŸ” 4    πŸ’¬ 0    πŸ“Œ 0
Post image Post image

Confirmed! The team from @synacktiv.com used a buffer overflow to exploit the Phillips Hue Bridge. Their unique bug earns them $20,000 and 4 Master of Pwn points. #Pwn2Own

22.10.2025 17:11 β€” πŸ‘ 7    πŸ” 4    πŸ’¬ 0    πŸ“Œ 0
Post image

Congrats to tek and anyfun for landing the first successful entry at #Pwn2OwnCork - exploiting a stack overflow on Synology BeeStation Plus for $40,000 and 4 Master of Pwn points in the process πŸ’₯

Let’s keep pushing πŸ’ͺ

#P2OIreland #Synacktiv

21.10.2025 15:32 β€” πŸ‘ 4    πŸ” 4    πŸ’¬ 0    πŸ“Œ 0
Post image

Impressive work from our team today at #Pwn2Own!

@mtalbi.bsky.social and Matthieu just pulled off an exploit on the Philips Hue Bridge without laying a finger on the device!

Great demonstration of Synacktiv’s offensive expertise πŸ‘

Come on πŸ”₯

22.10.2025 15:36 β€” πŸ‘ 13    πŸ” 7    πŸ’¬ 0    πŸ“Œ 0
Post image

Exploit inside #pwn2own

22.10.2025 14:36 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

πŸ“’"Paint it Blue: Attacking the Bluetooth stack" by Mehdi Talbi and Etienne Helluy-Lafont

03.10.2025 15:58 β€” πŸ‘ 2    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Post image

Aaaand the first talk to be announced is... πŸ₯

Exploiting the Undefined: PWNing Firefox by Settling its Promises by Tao Yan & Edouard Bochin

12.09.2025 09:18 β€” πŸ‘ 5    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Post image

It's already #SSTIC2025 day 2! @remi-j.bsky.social and us3r present the Windows kernel shadow stack mitigation πŸͺŸ

05.06.2025 09:08 β€” πŸ‘ 9    πŸ” 5    πŸ’¬ 0    πŸ“Œ 0

πŸ“’ Our Call For Papers is open until 14 July!

➑️ Details & benefits: www.hexacon.fr/conference/c...

Also, conference tickets will be on sale today at 4PM (UTC+2)

02.06.2025 10:04 β€” πŸ‘ 2    πŸ” 4    πŸ’¬ 0    πŸ“Œ 0
Preview
iOS 18.4 - dlsym considered harmful Observations We first observed the bug in a custom iOS application compiled for the arm64e architecture (thus supporting PAC instructions).

In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. @0xf4b.bsky.social took a long journey down a rabbit hole to understand its root cause.
www.synacktiv.com/en/publicati...

10.04.2025 13:22 β€” πŸ‘ 15    πŸ” 9    πŸ’¬ 0    πŸ“Œ 0
.:: Phrack Magazine ::. Phrack staff website.

Hackers rejoice!

We are releasing the Phrack 71 PDF for you today!

Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!

The CFP is still open, you can find it and the PDF link at phrack.org

15.02.2025 15:02 β€” πŸ‘ 63    πŸ” 33    πŸ’¬ 2    πŸ“Œ 1
Preview
Ten Years of Rowhammer: A Retrospect (and Path to the Future) 38C3 The density of memory cells in modern DRAM is so high that disturbance errors, like the Rowhammer effect, have become quite frequent. An attacker can exploit Rowhammer to flip bits in inaccessible mem...

Ten Years of Rowhammer: A Retrospect (and Path to the Future)

fahrplan.events.ccc.de/congress/202...

From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11

fahrplan.events.ccc.de/congress/202...

26.12.2024 08:11 β€” πŸ‘ 13    πŸ” 7    πŸ’¬ 1    πŸ“Œ 0
screenshot of the CFP on phrack.org

screenshot of the CFP on phrack.org

We updated our CFP for Phrack 72! The deadline is now April 1st 2025. Check the site for specifics on how to contribute, as well as some inspiration! We also posted a link to purchase physical copies of Phrack 71, and a donation link too. Enjoy!

phrack.org

16.12.2024 22:56 β€” πŸ‘ 118    πŸ” 60    πŸ’¬ 4    πŸ“Œ 4

@mtalbi is following 20 prominent accounts