
Posts by David B. - _p0ly_


🎉 Big win at #Pwn2Own Cork!

@pol-y.bsky.social of #Synacktiv successfully breached the @Ubiquiti AI Pro surveillance system 🦈🎶

What a way to wrap up the challenge - congrats, @pol-y.bsky.social 💪

5 months ago
ScriptCase - Pre-Authenticated Remote Command Execution

A pre-auth RCE combining 2 critical vulnerabilities on the Production Environment extension of the PHP low-code website generator ScriptCase has been found by noraj and cabir. No upstream fix yet, please apply the workaround.
www.synacktiv.com/advisories/s...

9 months ago
Exploiting the Tesla Wall connector from its charge port connector
An interesting attack surface. Over the past few years, Synacktiv has been analyzing Tesla vehicles for the Pwn2Own competition.

🚗🔌 We reverse engineered the Tesla Wall Connector and uncovered a previously undocumented attack surface via the charging cable. From protocol analysis to code execution, a Pwn2Own Automotive 2025 exploit write-up.
www.synacktiv.com/en/publicati...

10 months ago
Hexacon25
Schedule, talks and talk submissions for Hexacon25

We’re receiving a lot of requests to buy tickets, but the conference is sold out! Only tickets bundled with training are still available. You can also join the waiting list or submit a talk to our CFP (cfp.hexacon.fr/hexacon-2025/) 😉

Thank you all for your amazing support! 🙏

10 months ago

🔔 It is time to buy your HEXACON ticket!

💸 Discounted tickets are available (while supplies last) for students and professionals who do not receive support from their company. This approach is based on trust, but we may ask for proof.

www.hexacon.fr/register/

10 months ago

📢 Our Call For Papers is open until 14 July!

➡️ Details & benefits: www.hexacon.fr/conference/c...

Also, conference tickets will be on sale today at 4PM (UTC+2)

10 months ago

The last #Sth4ck talk was @pol-y.bsky.social talking about the Tesla WallConnector ⚡️

10 months ago

Our second talk of the day was Hooking Windows Named Pipes by Thomas

10 months ago

Time for our first talk at #Sth4ck! Vic presents his tips and tricks to reverse Objective-C code.

10 months ago
Hexacon - Register
Offensive security conference organized by seasoned professionals, in the heart of Paris. 10-11th October 2025, save the date!

🛎 Training ticket sales for HEXACON 2025 open TODAY at 2PM UTC+2!

Limited spots available 🔥

www.hexacon.fr/register/

11 months ago

📅 Mark your calendars!

www.hexacon.fr

11 months ago
Hexacon - Trainings
Offensive security conference organized by seasoned professionals, in the heart of Paris. 10-11th October 2025, save the date!

Time to start announcing our trainings for Hexacon 2025! 📣

📆 6th-9th October 2025
💶 4800€
📍 Near the conference
🎟 Registrations will open in May

www.hexacon.fr/trainings/

1 year ago

Hypervisor development for security analysis

by Satoshi Tanda

www.hexacon.fr/trainer/tanda/

1 year ago

AI Agents for Cybersecurity

by Richard Johnson (@richinseattle.bsky.social)

www.hexacon.fr/trainer/john...

1 year ago

Azure intrusion for red teamers

by Paul Barbé & Matthieu Barjole

www.hexacon.fr/trainer/barb...

1 year ago

Don't forget @bieresecutls.bsky.social on Wednesday 9th before THCon, first round of drinks is on us 🍻

1 year ago
Reverse engineering team lead

Synacktiv is looking for an additional team leader in Paris for its Reverse-Engineering Team!
Find out if you are a good candidate by reading our offer (🇫🇷).
www.synacktiv.com/responsable-...

1 year ago

📢 Next Bière&Sécu on Wednesday 9 April 🗓️ (the day before Thcon)! Meet from 19:00 at the Rooster and Beer 🐔🍺
@synacktiv.com will buy the first round of beers 🍻.
There will be no presentation this time, but feel free to propose rump talks at THCon 😉

1 year ago

I had so much fun designing and executing this attack, from hardware to software! Huge thanks to @thezdi.bsky.social for introducing such devices and attack vectors into the contest!

1 year ago

Confirmed! @Synacktiv used a logic bug as a part of their chain to exploit the Tesla Wall Connector via the Charging Connector. Their outstanding (and inventive) research earns them $45,000 and 7 Master of Pwn points. #P2OAuto #Pwn2Own

1 year ago

Wow. Just wow. The @synacktiv team was able to take over the #Tesla Wall Connector while having their exploit originate from the Charging Connector. To our knowledge, that's never been demonstrated publicly before. They head to the disclosure room with details. #P2OAuto #Pwn2Own

1 year ago
Poll - Bière&Sécu Toulouse - Framadate
Framadate is an online service for scheduling a meeting or making decisions quickly and easily.

📣 Next Bière & Sécu Toulouse on Tuesday 4 February!
🗓️ Meet at the Rooster and Beer from 18:30
👉 Please sign up on the framadate: framadate.org/rZveOzrGMyNb...
🗣️ Contact us if you have topics to present, via Twitter, Bluesky or Discord!

1 year ago
Pentest Cloud
Day 1 Fundamentals: cloud terminology, infrastructure services, network topology, identity and access management, authentication mechanisms ( OAuth ), reminders of Linux security mechanisms ( namespa

Kickstart 2025 with a cloud exploitation training like no other!
🚀 Join our experts on Feb 10th to master cutting-edge techniques in GCP, AWS, Azure & Kubernetes. Don't miss out! www.synacktiv.com/en/offers/tr...

1 year ago

You can now relay any protocol to SMB over Kerberos with krbrelayx.py and the latest PRs from Hugo Vincent.
Thanks @dirkjanm.io for merging it!
Here is an example from SMB to SMB:

1 year ago
Local privilege escalation in Windows Velociraptor service

A few weeks ago, Rapid7 released a new version of #Velociraptor to patch CVE-2024-10526, a local privilege escalation discovered by jbms. You can read the advisory here:
www.synacktiv.com/advisories/l...

1 year ago

We are now on #BlueSky! We'll start posting our news here too 😊

1 year ago