Our ninja @kalimer0x00.bsky.social is now on stage at #x33fcon to talk about his journey from dissecting SCCM until the discovery of the critical CVE-2024-43468 and the post-exploitation opportunities🔥
Check out how I discover CVE-2025-33073 : RCE with NTLM reflectiv attack allowing authenticated user to compromise any machine without SMB signing enforced !
Microsoft just released the patch for #CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by @yaumn.bsky.social and @wilfri3d.bsky.social.
www.synacktiv.com/publications...
I had the privilege to attend this training at Synacktiv and it might be the best training you can get when it comes to Azure given by two guy who does Red Team all year round on this subject. Don't wait !
Want to master cutting-edge techniques for attacking Azure?
Join us this summer at @blackhatevents.bsky.social in Vegas for a deep dive into red teaming on Azure, M365, Azure DevOps, and hybrid infrastructures.
Early bird tickets available until May 23rd!
www.blackhat.com/us-25/traini...
In our latest article, @croco-byte.bsky.social and @scaum.bsky.social demonstrate a trick allowing to make Windows SMB clients fall back to WebDav HTTP authentication, enhancing the NTLM and Kerberos relaying capabilities of multicast poisoning attacks!
www.synacktiv.com/publications...
We've just updated our training catalog to include the latest additions, including a brand new course on ransomware investigations!
Find all the dates and details at www.synacktiv.com/en/offers/tr...
In our latest article, @croco_byte proposes an implementation of a trick discovered by James Forshaw in his research regarding Kerberos relaying. Discover how to perform pre-authenticated Kerberos relay over HTTP with our Responder and krbrelayx pull requests!
www.synacktiv.com/publications...
Yay! Our offensive Azure training was accepted at BlackHat USA 2025 🥳 Can't wait to see you there and share cutting-edge techniques for attacking Azure environments!