Synacktiv (@synacktiv.com)

mitmproxy for fun and profit: Interception and Analysis of Application mitmproxy for fun and profit: Interception and Analysis of Application

🔎 Want to know what you can really do with #mitmproxy?

This deep dive shows how to intercept and modify application traffic on #Linux, #Android, and #iOS - from TLS MITM to gRPC/Protobuf tampering.

Read our latest article: www.synacktiv.com/en/publicati...

02.03.2026 15:37 👍 2 🔁 2 💬 0 📌 0

🚀 Last December, the Synacktiv #WinterChallenge 2025 took place.
👏 Congratulations to the 25 participants for their outstanding solutions!
🧠 Read the write-up on the best techniques used to craft a constraint-compliant quinindrome: www.synacktiv.com/en/publicati...

24.02.2026 16:21 👍 2 🔁 1 💬 0 📌 0

#IT evolves… and so do attacks. 🛡️

Sharpen your skills in March-April 2026 with our #cybersecurity courses: Forensic, Cloud, Active Directory & Malware Analysis.

📅 Limited spots: www.synacktiv.com/en/offers/tr...

10.02.2026 11:19 👍 1 🔁 2 💬 0 📌 0

Beyond ACLs: Mapping Windows Privilege Escalation Paths with Beyond ACLs: Mapping Windows Privilege Escalation Paths with

In our latest article, @niozow.bsky.social dives into the inner workings of #Windows access tokens, privileges and logon rights.
As these rights often constitute a blind spot for AD enumeration tools, the article describes our PRs to integrate them into BloodHound ⬇️
www.synacktiv.com/en/publicati...

02.02.2026 15:30 👍 1 🔁 3 💬 0 📌 0

🔍 Synacktiv training courses - April 2026

Hands-on #cybersecurity courses led by #Synacktiv experts: Cloud Forensics (AWS), Azure & AD intrusion tactics.
📅 March-April | Onsite & Remote
👉 www.synacktiv.com/en/offers/tr...

29.01.2026 10:30 👍 0 🔁 0 💬 0 📌 0

On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025 On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025

At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller.
Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit.

🔍 www.synacktiv.com/en/publicati...

26.01.2026 10:05 👍 6 🔁 1 💬 0 📌 0

On the podium at #Pwn2Own Automotive 2026 🥉

Synacktiv ranked 3rd in Tokyo 🇯🇵 after successful attacks on #Tesla Infotainment (USB), #Sony XAV-9500ES (USB) and #Autel MaxiCharger (NFC).

📍 Next stop: Berlin!

23.01.2026 11:38 👍 5 🔁 4 💬 0 📌 0

Proud to announce that REVEL·IO has secured funding from @bpifrance-officiel.bsky.social under #France2030 🚀

With @synacktiv.com, this supports a new version to:
➡️ help CERT teams automate live forensic analysis
➡️ enable French & European judicial experts to perform reliable mobile extractions

16.01.2026 11:54 👍 1 🔁 1 💬 0 📌 0

Our experts will be at #Pwn2Own Automotive in Tokyo 🇯🇵

After taking 1st place in 2024 by uncovering #Tesla and automotive vulnerabilities, they’re back to explore new attack entry points!

Stay tuned 🔍

16.01.2026 09:45 👍 1 🔁 1 💬 0 📌 0

Cyber threats evolve fast - so should your skills.
In March, join our hands-on #cybersecurity training covering Linux Forensics, Cloud Forensics (Azure & AWS) and Intrusion Tactics.

⌛ Limited seats → www.synacktiv.com/en/offers/tr...

#Cybersecurity #Forensics #CloudSecurity

14.01.2026 16:04 👍 0 🔁 0 💬 0 📌 0

Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025 Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025

From legacy WEP to WPA3-Enterprise: sharing our recent #WiFi field experiences. 📡

We detail various scenarios to better understand the risks, including WPA3 PEAP relaying & optimized online PSK brute-forcing.

⤵️ www.synacktiv.com/en/publicati...

14.01.2026 10:22 👍 3 🔁 2 💬 0 📌 0

🔒 Feb 2026: #cybersecurity training with #Synacktiv!

5&6 Feb: Kubernetes Intrusion Tactics (Paris, FR)
9&10 Feb: AWS Intrusion Tactics (Paris, FR)
9-11 Feb: Malware Analysis (Remote, EN)
16-20 Feb: Attacking Web Apps (Paris, FR)

✅ Register now: www.synacktiv.com/en/offers/tr...

29.12.2025 11:09 👍 0 🔁 0 💬 0 📌 0

Livewire: remote command execution through unmarshaling Livewire: remote command execution through unmarshaling

🚨 Pre-Auth RCE in #Livewire (CVE-2025-54068)!

Our specialists uncovered a critical flaw allowing remote code execution without the APP_KEY, exploiting Livewire’s hydration mechanism + PHP’s loose typing.

🔗 Patch now! (v3.6.4+)
www.synacktiv.com/en/publicati...

23.12.2025 16:40 👍 1 🔁 0 💬 0 📌 0

🚀 [Training 2026] Research & exploitation: embedded #Linux systems

5-day training on UART access, firmware analysis, QEMU emulation, fuzzing (AFL++), static analysis & persistence on compromised systems.

📍 On site, Paris
🇫🇷 French

Register 👇
www.synacktiv.com/en/offers/tr...

23.12.2025 10:40 👍 1 🔁 0 💬 0 📌 0

🔥 Synacktiv’s #CSIRT 2026 training sessions are coming!

Forensics, malware analysis, cloud investigations - all taught by our experts, available remotely or on site, in French or English.

Register 👇
www.synacktiv.com/en/offers/tr...

18.12.2025 16:37 👍 1 🔁 0 💬 0 📌 0

Exploiting Anno 1404 Exploiting Anno 1404

[New blog post] As part of an R&D project, @tomtombinary.bsky.social identified several critical vulnerabilities in the LAN multiplayer mode of the game Anno 1404 (released in 2009) 🔍

Want to know more?
Read the full article on our blog 👇
www.synacktiv.com/en/publicati...

16.12.2025 15:56 👍 3 🔁 3 💬 0 📌 0

ActivID administrator account takeover : the story behind ActivID administrator account takeover : the story behind

HID recently disclosed HID-PSA-2025-002, a critical flaw in the #ActivID Authentication Appliance 8.7.

In our new blog post, @us3r777.bsky.social and @pierregg.bsky.social break down exactly how they uncovered it, from methodology to exploitation 💡

Read it here ⬇️
synacktiv.com/en/publicati...

12.12.2025 15:22 👍 3 🔁 2 💬 0 📌 0

🔥 #Synacktiv’s 2026 Internship Book is out!

Whether you're into pentest, reverse engineering, incident response or development, you’ll find our full list of internships plus practical tips to boost your chances.

📬 Send us your CV: www.synacktiv.com/book_stage_s...

12.12.2025 09:21 👍 0 🔁 0 💬 0 📌 0

Trainings Synacktiv

Level up your #pentest skills in 2026 🚀

Join Synacktiv’s hands-on trainings: from Kubernetes & cloud hacks to web app attacks & AD intrusion.

More information & registration : www.synacktiv.com/en/offers/tr...

#cybersecurity

11.12.2025 12:22 👍 0 🔁 1 💬 0 📌 0

🕵️‍♂️ When an 'innocent' #PHP file hides a #backdoor…
During an investigation on a compromised server, we came across an obfuscated PHAR stub - a classic sign of a #webshell trying to evade basic scanners.

Check out our technical analysis 🔍
Have you ever encountered this type of “packaged” webshell? 💬

09.12.2025 14:38 👍 1 🔁 1 💬 0 📌 0

🎓🚀 Ready to level up your #cybersecurity skills?

Synacktiv’s 2026 training programs are open for registration!
Get practical, expert-led sessions in offensive and defensive cybersecurity - online or in-person, in French or English 🇫🇷🇬🇧

🔗 Learn more: www.synacktiv.com/en/offers/tr...

04.12.2025 15:00 👍 0 🔁 0 💬 0 📌 0

Winter is here, it's time to test your assembly skills with the #Synacktiv Winter Challenge 🏂.
A code golf competition that guarantees hours of intense x86 instruction optimization!

🔗 Participate here: www.synacktiv.com/en/publicati...

02.12.2025 17:08 👍 3 🔁 1 💬 0 📌 1

Missed @hexacon.bsky.social 2025? 🤯
Good news, all #Synacktiv’s deep-dive talks on offensive research & reverse engineering are now online!

🎥 Watch the full playlist: www.youtube.com/playlist?lis...

#cybersecurity

01.12.2025 15:12 👍 8 🔁 2 💬 0 📌 0

Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey

At #Pwn2Own2025, our experts Tek & @anyfun.bsky.social remotely compromised a Synology Beestation Plus via a pre-auth exploit, leading to full system takeover.

The vuln is now tracked as CVE-2025-12686 🔍

🔗 Full write-up: www.synacktiv.com/en/publicati...

27.11.2025 14:59 👍 4 🔁 1 💬 0 📌 0

GitHub - synacktiv/itsm-exploit: Ivanti Neurons for ITSM (On Premise) exploits Ivanti Neurons for ITSM (On Premise) exploits. Contribute to synacktiv/itsm-exploit development by creating an account on GitHub.

@alexisdanizan.bsky.social discovered several critical flaws in an older #IvantiITSM version 💥
Already reported, but these exploits could still be useful and come with technical details ⬇️
github.com/synacktiv/it...

27.11.2025 10:34 👍 2 🔁 0 💬 0 📌 0

🚀 It’s the big day for the #CBCToulouse!

The #Synacktiv team is on-site and ready to connect with you throughout the event.
📍 Visit our booth to learn more about our areas of expertise and our career opportunities!

📅 26–27 November 2025
ℹ️ More information: cbc-convention.com

26.11.2025 10:08 👍 0 🔁 0 💬 0 📌 0

Last Friday at #BlackAlps2025, noraj explored the hidden security challenges of #Unicode 🎤

With 1,000+ pages of specs, even small mistakes can become attack vectors.

Dive into the details 👉 www.synacktiv.com/ressources%2...

25.11.2025 15:07 👍 0 🔁 0 💬 0 📌 0

Our specialists are on-site at #ECW - European Cyber Week!

Come meet us at booth 98 to talk #cybersecurity and explore our career opportunities.

Tomorrow is the last chance - don’t miss out 👋

19.11.2025 11:53 👍 0 🔁 0 💬 0 📌 0

🔒 Only 7 days to go until the #CBC - Cyber Security Business Convention!

Come and meet our team:

🔹 Technical feedback,
🔹 Presentation of our training courses and career opportunities.

📍 MEETT - Parc des Expositions, 31 840 AUSSONNE
ℹ️ cbc-convention.com

19.11.2025 09:35 👍 0 🔁 0 💬 0 📌 0

Synacktiv

Latest posts by Synacktiv @synacktiv.com