At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller. Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit. 🔍 www.synacktiv.com/en/publicati...

On the podium at #Pwn2Own Automotive 2026 🥉 Synacktiv ranked 3rd in Tokyo 🇯🇵 after successful attacks on #Tesla Infotainment (USB), #Sony XAV-9500ES (USB) and #Autel MaxiCharger (NFC). 📍 Next stop: Berlin!

Proud to announce that REVEL·IO has secured funding from @bpifrance-officiel.bsky.social under #France2030 🚀 With @synacktiv.com, this supports a new version to: ➡️ help CERT teams automate live forensic analysis ➡️ enable French & European judicial experts to perform reliable mobile extractions

Our experts will be at #Pwn2Own Automotive in Tokyo 🇯🇵 After taking 1st place in 2024 by uncovering #Tesla and automotive vulnerabilities, they’re back to explore new attack entry points! Stay tuned 🔍

Cyber threats evolve fast - so should your skills. In March, join our hands-on #cybersecurity training covering Linux Forensics, Cloud Forensics (Azure & AWS) and Intrusion Tactics. ⌛ Limited seats → www.synacktiv.com/en/offers/tr... #Cybersecurity #Forensics #CloudSecurity

From legacy WEP to WPA3-Enterprise: sharing our recent #WiFi field experiences. 📡 We detail various scenarios to better understand the risks, including WPA3 PEAP relaying & optimized online PSK brute-forcing. ⤵️ www.synacktiv.com/en/publicati...

🔒 Feb 2026: #cybersecurity training with #Synacktiv! 5&6 Feb: Kubernetes Intrusion Tactics (Paris, FR) 9&10 Feb: AWS Intrusion Tactics (Paris, FR) 9-11 Feb: Malware Analysis (Remote, EN) 16-20 Feb: Attacking Web Apps (Paris, FR) ✅ Register now: www.synacktiv.com/en/offers/tr...

🚨 Pre-Auth RCE in #Livewire (CVE-2025-54068)! Our specialists uncovered a critical flaw allowing remote code execution without the APP_KEY, exploiting Livewire’s hydration mechanism + PHP’s loose typing. 🔗 Patch now! (v3.6.4+) www.synacktiv.com/en/publicati...

🚀 [Training 2026] Research & exploitation: embedded #Linux systems 5-day training on UART access, firmware analysis, QEMU emulation, fuzzing (AFL++), static analysis & persistence on compromised systems. 📍 On site, Paris 🇫🇷 French Register 👇 www.synacktiv.com/en/offers/tr...

🔥 Synacktiv’s #CSIRT 2026 training sessions are coming! Forensics, malware analysis, cloud investigations - all taught by our experts, available remotely or on site, in French or English. Register 👇 www.synacktiv.com/en/offers/tr...

[New blog post] As part of an R&D project, @tomtombinary.bsky.social identified several critical vulnerabilities in the LAN multiplayer mode of the game Anno 1404 (released in 2009) 🔍 Want to know more? Read the full article on our blog 👇 www.synacktiv.com/en/publicati...

HID recently disclosed HID-PSA-2025-002, a critical flaw in the #ActivID Authentication Appliance 8.7. In our new blog post, @us3r777.bsky.social and @pierregg.bsky.social break down exactly how they uncovered it, from methodology to exploitation 💡 Read it here ⬇️ synacktiv.com/en/publicati...

🔥 #Synacktiv’s 2026 Internship Book is out! Whether you're into pentest, reverse engineering, incident response or development, you’ll find our full list of internships plus practical tips to boost your chances. 📬 Send us your CV: www.synacktiv.com/book_stage_s...

Level up your #pentest skills in 2026 🚀 Join Synacktiv’s hands-on trainings: from Kubernetes & cloud hacks to web app attacks & AD intrusion. More information & registration : www.synacktiv.com/en/offers/tr... #cybersecurity

🕵️‍♂️ When an 'innocent' #PHP file hides a #backdoor… During an investigation on a compromised server, we came across an obfuscated PHAR stub - a classic sign of a #webshell trying to evade basic scanners. Check out our technical analysis 🔍 Have you ever encountered this type of “packaged” webshell? 💬

🎓🚀 Ready to level up your #cybersecurity skills? Synacktiv’s 2026 training programs are open for registration! Get practical, expert-led sessions in offensive and defensive cybersecurity - online or in-person, in French or English 🇫🇷🇬🇧 🔗 Learn more: www.synacktiv.com/en/offers/tr...

Winter is here, it's time to test your assembly skills with the #Synacktiv Winter Challenge 🏂. A code golf competition that guarantees hours of intense x86 instruction optimization! 🔗 Participate here: www.synacktiv.com/en/publicati...

Missed @hexacon.bsky.social 2025? 🤯 Good news, all #Synacktiv’s deep-dive talks on offensive research & reverse engineering are now online! 🎥 Watch the full playlist: www.youtube.com/playlist?lis... #cybersecurity

At #Pwn2Own2025, our experts Tek & @anyfun.bsky.social remotely compromised a Synology Beestation Plus via a pre-auth exploit, leading to full system takeover. The vuln is now tracked as CVE-2025-12686 🔍 🔗 Full write-up: www.synacktiv.com/en/publicati...

@alexisdanizan.bsky.social discovered several critical flaws in an older #IvantiITSM version 💥 Already reported, but these exploits could still be useful and come with technical details ⬇️ github.com/synacktiv/it...

🚀 It’s the big day for the #CBCToulouse! The #Synacktiv team is on-site and ready to connect with you throughout the event. 📍 Visit our booth to learn more about our areas of expertise and our career opportunities! 📅 26–27 November 2025 ℹ️ More information: cbc-convention.com

Last Friday at #BlackAlps2025, noraj explored the hidden security challenges of #Unicode 🎤 With 1,000+ pages of specs, even small mistakes can become attack vectors. Dive into the details 👉 www.synacktiv.com/ressources%2...

Our specialists are on-site at #ECW - European Cyber Week! Come meet us at booth 98 to talk #cybersecurity and explore our career opportunities. Tomorrow is the last chance - don’t miss out 👋

🔒 Only 7 days to go until the #CBC - Cyber Security Business Convention! Come and meet our team: 🔹 Technical feedback, 🔹 Presentation of our training courses and career opportunities. 📍 MEETT - Parc des Expositions, 31 840 AUSSONNE ℹ️ cbc-convention.com

@bsidesmunich.bsky.social 2025 Wrap-up 🇩🇪 @yaumn.bsky.social & @wilfri3d.bsky.social presented their research on CVE-2025-33073, a critical #Windows auth reflection flaw (huge #ActiveDirectory impact!). Full analysis below👇 🔗 www.synacktiv.com/en/publicati...

[ #EuropeanCyberWeek ] Did you miss us yesterday? No worries, there's still time to visit #Synacktiv at booth 98! Come discuss cybersecurity challenges and learn about our offensive security expertise. We're here until Thursday 😉 #ECW2025 #Rennes

Meet our #Synacktiv and @revel-io.bsky.social experts at #Milipol, from Tuesday 18 to Friday 21 November 2025! 📍 Visit us at Stand H063 (Hall 4 – Forensic Zone). ℹ️ www.milipol.com/fr-FR

Join us at Cyb’Air Sud 2025! We’re pleased to announce that Théo L. will be speaking at the 2025 edition of #CybAirSud, hosted by the "École de l’air et de l’espace". 🎤 Sophisticated GNU/Linux backdoor 📅 Tuesday, 25th of November 🇫🇷 Session in French Register now 👉 cybair-sud.fr/pages/ed_202...

The #EUCyberWeek is officially underway in Rennes 🚀 The @synacktiv.com team is on-site and keen to connect with you! Do come and meet us to discover our expertise 👋 ℹ️ www.european-cyber-week.eu

Only one day to go until #MilipolParis 2025 ⏳ #REVEL·IO is excited to join the homeland security community and present our mobile device #forensic solution. @synacktiv.com will be there too! 📍 See you tomorrow at stand H063 (Hall 4 - Forensic Zone).

Our ninjas are in Vienna for the T-REX conference! 🎤 @kevintell.bsky.social delivered a session exploring advanced Red Team lateral movement techniques built on DCOM - a great opportunity to exchange practices with fellow experts. Thank you to the @oenb.at for hosting such a great event!

Check out our new advisory, where @w0rty.bsky.social shows how he managed to take control of an #EticTelecom router, gaining root access 💪 🗞️ www.synacktiv.com/en/advisorie...

Take your embedded systems security skills to the next level 🎯 During this 5-day deep dive, you’ll explore every step of the research and exploitation chain on embedded #Linux systems. 👉 Registration is now open: www.synacktiv.com/offres/forma...

Only 7 days to go until the #ECW gets underway! #Synacktiv is all set and ready to showcase our #cybersecurity expertise. 📍 Do come and visit us at stand 98

[Blogpost] @croco_byte presents how to exploit attack paths related to Active Directory sites' ACLs. As the latter often constitute a blind spot for AD enumeration tools, the article also describes a pull request aiming to integrate them into the BloodHound project:

Thinking about applying to #Synacktiv? Before sending in your application, take a few minutes to explore our candidate #FAQ. 🎯 Our goal: to help you better understand who we are, how we work, and what we value in future teammates. 👉 Find all the answers here: www.synacktiv.com/faq-recrutem...

🇫🇷 During "Le Big Bang de l’Économie" by #LeFigaro, @kevintell.bsky.social gave a live pentest demo, showing how easily data can be exposed when systems aren’t properly secured: youtu.be/XVJUF1zt1FE 👉 Watch the whole show: video.lefigaro.fr/figaro/econo...

Registration is now open for our upcoming sessions dedicated to forensics, malware analysis, and cloud investigation ! Our expert-led trainings are available in English or French, online or on-site 🎯 👉 Explore the full program and register now: www.synacktiv.com/en/offers/tr...

A big shout-out to the #Synacktiv team for their strong performance at the latest #Pwn2Own competition in Cork! They proudly secured third place overall 👏 Next stop: Tokyo for the upcoming edition 🇯🇵 👀 More details on the targets and participants here ℹ️ www.zerodayinitiative.com/blog/2025/20...

#REVEL·IO will be exhibiting at #MilipolParis 2025 📢 Developed by @synacktiv.com, REVEL·IO is the first French digital forensics solution designed to help investigators. 📍 Hall 4 - Forensic zone - Stand H063 💡 Learn more about Milipol: www.milipol.com/en 💡 Discover REVEL·IO: revelio.eu

Another busy month with many technical talks from the team! 💪 Links and more details below 👇️

Level up your pentesting skills in 2026 🚀 Join Synacktiv’s hands-on trainings: from Kubernetes & cloud hacks to web app attacks & AD intrusion. More information & registration : www.synacktiv.com/en/offers/tr...

In our new article, Maxime Desbrus examines a technique for easily creating a Rust “Two-Face” binary for #Linux: ➡️ in most environments it runs a benign program; ➡️ but on a specific host it launches an entirely different, much more discreet payload. Read it here 🔗 www.synacktiv.com/en/publicati...

@synacktiv.com x #OteriaCyberSchool 🤝 Once again, our ninjas are taking part in designing the entry challenge for #0x41 - the legendary “piscine” (pool) 🏊‍♂️ 🥷 Ready to dive in? Registration is now open: x41.fr

Following their presentation at @hexacon.bsky.social, @mtalbi.bsky.social & Etienne detail how they exploited CVE-2023-40129, a critical vulnerability affecting the Bluetooth stack in Android ⬇️ www.synacktiv.com/en/publicati...

Synacktiv at Cyber security Business Convention 🚀 Our teams will be attending #CBC on November 26&27 for two days fully dedicated to #cybersecurity - featuring technical exchanges, feedback sessions, and passionate discussions about the latest developments in the field. ℹ️ cbc-convention.com

🎓 Synacktiv Training Sessions 2026 are now open! Looking to take your offensive or defensive cybersecurity skills to the next level? Our experts deliver hands-on, high-intensity technical training, available on-site or online, in French or English. More details 👇 www.synacktiv.com/en/offers/tr...

🎉 Big win at #Pwn2Own Cork! @pol-y.bsky.social of #Synacktiv successfully breached the @Ubiquiti AI Pro surveillance system 🦈🎶 What a way to wrap up the challenge - congrats, @pol-y.bsky.social 💪

Impressive work from our team today at #Pwn2Own! @mtalbi.bsky.social and Matthieu just pulled off an exploit on the Philips Hue Bridge without laying a finger on the device! Great demonstration of Synacktiv’s offensive expertise 👏 Come on 🔥

Congrats to tek and anyfun for landing the first successful entry at #Pwn2OwnCork - exploiting a stack overflow on Synology BeeStation Plus for $40,000 and 4 Master of Pwn points in the process 💥 Let’s keep pushing 💪 #P2OIreland #Synacktiv