[RSS] On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025


www.synacktiv.com ->


Original->

Our experts will be at #Pwn2Own Automotive in Tokyo 🇯🇵

After taking 1st place in 2024 by uncovering #Tesla and automotive vulnerabilities, they’re back to explore new attack entry points!

Stay tuned 🔍

Synology Beestation Plus pre-auth exploitation and full system takeover

www.synacktiv.com/en/publicati...

Write up Arnaud Gatignol and Théo Fauché

#infosec

HEXACON 2025 - Paint it Blue: Attacking the Bluetooth stack by Mehdi Talbi & Etienne Helluy-Lafont YouTube video by Hexacon

My #Hexacon talk with Etienne on exploiting the Bluetooth stack (fluoride) is now available on YouTube

youtu.be/wYulofbUDqY?...

A big shout-out to the #Synacktiv team for their strong performance at the latest #Pwn2Own competition in Cork!
They proudly secured third place overall 👏

Next stop: Tokyo for the upcoming edition 🇯🇵 👀

More details on the targets and participants here ℹ️
www.zerodayinitiative.com/blog/2025/20...

Paint it blue: Attacking the bluetooth stack Paint it blue: Attacking the bluetooth stack

Following their presentation at @hexacon.bsky.social, @mtalbi.bsky.social & Etienne detail how they exploited CVE-2023-40129, a critical vulnerability affecting the Bluetooth stack in Android ⬇️

www.synacktiv.com/en/publicati...

Impressive exploitation strategy!!

bsky.app/profile/thez...

Confirmed! David Berard of @synacktiv.com used a pair of bugs to exploit the Ubiquiti AI Pro in the Surveillance Systems category. The impressive display (incl. a round of Baby Shark) earns him $30,000 and 3 Master of Pwn Points. #Pwn2Own

🎥 Eyes wide shut! David Berard of @synacktiv.com just breached the @Ubiquiti AI Pro surveillance system at #Pwn2Own. He also serenaded us with round of "Baby Shark" played through the speaker. He's off to the disclosure room with an ear worm and the details.

Confirmed! The team from @synacktiv.com used a buffer overflow to exploit the Phillips Hue Bridge. Their unique bug earns them $20,000 and 4 Master of Pwn points. #Pwn2Own

Congrats to tek and anyfun for landing the first successful entry at #Pwn2OwnCork - exploiting a stack overflow on Synology BeeStation Plus for $40,000 and 4 Master of Pwn points in the process 💥

Let’s keep pushing 💪

#P2OIreland #Synacktiv

Impressive work from our team today at #Pwn2Own!

@mtalbi.bsky.social and Matthieu just pulled off an exploit on the Philips Hue Bridge without laying a finger on the device!

Great demonstration of Synacktiv’s offensive expertise 👏

Come on 🔥

Exploit inside #pwn2own

📢"Paint it Blue: Attacking the Bluetooth stack" by Mehdi Talbi and Etienne Helluy-Lafont

Aaaand the first talk to be announced is... 🥁

Exploiting the Undefined: PWNing Firefox by Settling its Promises by Tao Yan & Edouard Bochin

It's already #SSTIC2025 day 2! @remi-j.bsky.social and us3r present the Windows kernel shadow stack mitigation 🪟

📢 Our Call For Papers is open until 14 July!

➡️ Details & benefits: www.hexacon.fr/conference/c...

Also, conference tickets will be on sale today at 4PM (UTC+2)

iOS 18.4 - dlsym considered harmful Observations We first observed the bug in a custom iOS application compiled for the arm64e architecture (thus supporting PAC instructions).

In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. @0xf4b.bsky.social took a long journey down a rabbit hole to understand its root cause.
www.synacktiv.com/en/publicati...

Hackers rejoice!

We are releasing the Phrack 71 PDF for you today!

Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!

The CFP is still open, you can find it and the PDF link at phrack.org

Ten Years of Rowhammer: A Retrospect (and Path to the Future) 38C3 The density of memory cells in modern DRAM is so high that disturbance errors, like the Rowhammer effect, have become quite frequent. An attacker can exploit Rowhammer to flip bits in inaccessible mem...

Ten Years of Rowhammer: A Retrospect (and Path to the Future)

fahrplan.events.ccc.de/congress/202...

From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11

fahrplan.events.ccc.de/congress/202...

screenshot of the CFP on phrack.org

We updated our CFP for Phrack 72! The deadline is now April 1st 2025. Check the site for specifics on how to contribute, as well as some inspiration! We also posted a link to purchase physical copies of Phrack 71, and a donation link too. Enjoy!

phrack.org