Synacktiv
@synacktiv.com
Offensive security company. Dojo of many ninjas. Red teaming, reverse engineering, vuln research, dev of security tools and incident response.
#IT evolves… and so do attacks. 🛡️
Sharpen your skills in March-April 2026 with our #cybersecurity courses: Forensic, Cloud, Active Directory & Malware Analysis.
📅 Limited spots: www.synacktiv.com/en/offers/tr...
Sharpen your skills in March-April 2026 with our #cybersecurity courses: Forensic, Cloud, Active Directory & Malware Analysis.
📅 Limited spots: www.synacktiv.com/en/offers/tr...
February 10, 2026 at 11:19 AM
#IT evolves… and so do attacks. 🛡️
Sharpen your skills in March-April 2026 with our #cybersecurity courses: Forensic, Cloud, Active Directory & Malware Analysis.
📅 Limited spots: www.synacktiv.com/en/offers/tr...
Sharpen your skills in March-April 2026 with our #cybersecurity courses: Forensic, Cloud, Active Directory & Malware Analysis.
📅 Limited spots: www.synacktiv.com/en/offers/tr...
In our latest article, @niozow.bsky.social dives into the inner workings of #Windows access tokens, privileges and logon rights.
As these rights often constitute a blind spot for AD enumeration tools, the article describes our PRs to integrate them into BloodHound ⬇️
www.synacktiv.com/en/publicati...
As these rights often constitute a blind spot for AD enumeration tools, the article describes our PRs to integrate them into BloodHound ⬇️
www.synacktiv.com/en/publicati...
Beyond ACLs: Mapping Windows Privilege Escalation Paths with
Beyond ACLs: Mapping Windows Privilege Escalation Paths with
www.synacktiv.com
February 2, 2026 at 3:30 PM
In our latest article, @niozow.bsky.social dives into the inner workings of #Windows access tokens, privileges and logon rights.
As these rights often constitute a blind spot for AD enumeration tools, the article describes our PRs to integrate them into BloodHound ⬇️
www.synacktiv.com/en/publicati...
As these rights often constitute a blind spot for AD enumeration tools, the article describes our PRs to integrate them into BloodHound ⬇️
www.synacktiv.com/en/publicati...
🔍 Synacktiv training courses - April 2026
Hands-on #cybersecurity courses led by #Synacktiv experts: Cloud Forensics (AWS), Azure & AD intrusion tactics.
📅 March-April | Onsite & Remote
👉 www.synacktiv.com/en/offers/tr...
Hands-on #cybersecurity courses led by #Synacktiv experts: Cloud Forensics (AWS), Azure & AD intrusion tactics.
📅 March-April | Onsite & Remote
👉 www.synacktiv.com/en/offers/tr...
January 29, 2026 at 10:30 AM
🔍 Synacktiv training courses - April 2026
Hands-on #cybersecurity courses led by #Synacktiv experts: Cloud Forensics (AWS), Azure & AD intrusion tactics.
📅 March-April | Onsite & Remote
👉 www.synacktiv.com/en/offers/tr...
Hands-on #cybersecurity courses led by #Synacktiv experts: Cloud Forensics (AWS), Azure & AD intrusion tactics.
📅 March-April | Onsite & Remote
👉 www.synacktiv.com/en/offers/tr...
At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller.
Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit.
🔍 www.synacktiv.com/en/publicati...
Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit.
🔍 www.synacktiv.com/en/publicati...
On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025
On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025
www.synacktiv.com
January 26, 2026 at 10:05 AM
At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller.
Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit.
🔍 www.synacktiv.com/en/publicati...
Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit.
🔍 www.synacktiv.com/en/publicati...
Reposted by Synacktiv
Proud to announce that REVEL·IO has secured funding from @bpifrance-officiel.bsky.social under #France2030 🚀
With @synacktiv.com, this supports a new version to:
➡️ help CERT teams automate live forensic analysis
➡️ enable French & European judicial experts to perform reliable mobile extractions
With @synacktiv.com, this supports a new version to:
➡️ help CERT teams automate live forensic analysis
➡️ enable French & European judicial experts to perform reliable mobile extractions
January 16, 2026 at 11:54 AM
Proud to announce that REVEL·IO has secured funding from @bpifrance-officiel.bsky.social under #France2030 🚀
With @synacktiv.com, this supports a new version to:
➡️ help CERT teams automate live forensic analysis
➡️ enable French & European judicial experts to perform reliable mobile extractions
With @synacktiv.com, this supports a new version to:
➡️ help CERT teams automate live forensic analysis
➡️ enable French & European judicial experts to perform reliable mobile extractions
Cyber threats evolve fast - so should your skills.
In March, join our hands-on #cybersecurity training covering Linux Forensics, Cloud Forensics (Azure & AWS) and Intrusion Tactics.
⌛ Limited seats → www.synacktiv.com/en/offers/tr...
#Cybersecurity #Forensics #CloudSecurity
In March, join our hands-on #cybersecurity training covering Linux Forensics, Cloud Forensics (Azure & AWS) and Intrusion Tactics.
⌛ Limited seats → www.synacktiv.com/en/offers/tr...
#Cybersecurity #Forensics #CloudSecurity
January 14, 2026 at 4:04 PM
Cyber threats evolve fast - so should your skills.
In March, join our hands-on #cybersecurity training covering Linux Forensics, Cloud Forensics (Azure & AWS) and Intrusion Tactics.
⌛ Limited seats → www.synacktiv.com/en/offers/tr...
#Cybersecurity #Forensics #CloudSecurity
In March, join our hands-on #cybersecurity training covering Linux Forensics, Cloud Forensics (Azure & AWS) and Intrusion Tactics.
⌛ Limited seats → www.synacktiv.com/en/offers/tr...
#Cybersecurity #Forensics #CloudSecurity
From legacy WEP to WPA3-Enterprise: sharing our recent #WiFi field experiences. 📡
We detail various scenarios to better understand the risks, including WPA3 PEAP relaying & optimized online PSK brute-forcing.
⤵️ www.synacktiv.com/en/publicati...
We detail various scenarios to better understand the risks, including WPA3 PEAP relaying & optimized online PSK brute-forcing.
⤵️ www.synacktiv.com/en/publicati...
Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025
Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025
www.synacktiv.com
January 14, 2026 at 10:22 AM
From legacy WEP to WPA3-Enterprise: sharing our recent #WiFi field experiences. 📡
We detail various scenarios to better understand the risks, including WPA3 PEAP relaying & optimized online PSK brute-forcing.
⤵️ www.synacktiv.com/en/publicati...
We detail various scenarios to better understand the risks, including WPA3 PEAP relaying & optimized online PSK brute-forcing.
⤵️ www.synacktiv.com/en/publicati...
🔒 Feb 2026: #cybersecurity training with #Synacktiv!
5&6 Feb: Kubernetes Intrusion Tactics (Paris, FR)
9&10 Feb: AWS Intrusion Tactics (Paris, FR)
9-11 Feb: Malware Analysis (Remote, EN)
16-20 Feb: Attacking Web Apps (Paris, FR)
✅ Register now: www.synacktiv.com/en/offers/tr...
5&6 Feb: Kubernetes Intrusion Tactics (Paris, FR)
9&10 Feb: AWS Intrusion Tactics (Paris, FR)
9-11 Feb: Malware Analysis (Remote, EN)
16-20 Feb: Attacking Web Apps (Paris, FR)
✅ Register now: www.synacktiv.com/en/offers/tr...
December 29, 2025 at 11:10 AM
🔒 Feb 2026: #cybersecurity training with #Synacktiv!
5&6 Feb: Kubernetes Intrusion Tactics (Paris, FR)
9&10 Feb: AWS Intrusion Tactics (Paris, FR)
9-11 Feb: Malware Analysis (Remote, EN)
16-20 Feb: Attacking Web Apps (Paris, FR)
✅ Register now: www.synacktiv.com/en/offers/tr...
5&6 Feb: Kubernetes Intrusion Tactics (Paris, FR)
9&10 Feb: AWS Intrusion Tactics (Paris, FR)
9-11 Feb: Malware Analysis (Remote, EN)
16-20 Feb: Attacking Web Apps (Paris, FR)
✅ Register now: www.synacktiv.com/en/offers/tr...
🚨 Pre-Auth RCE in #Livewire (CVE-2025-54068)!
Our specialists uncovered a critical flaw allowing remote code execution without the APP_KEY, exploiting Livewire’s hydration mechanism + PHP’s loose typing.
🔗 Patch now! (v3.6.4+)
www.synacktiv.com/en/publicati...
Our specialists uncovered a critical flaw allowing remote code execution without the APP_KEY, exploiting Livewire’s hydration mechanism + PHP’s loose typing.
🔗 Patch now! (v3.6.4+)
www.synacktiv.com/en/publicati...
Livewire: remote command execution through unmarshaling
Livewire: remote command execution through unmarshaling
www.synacktiv.com
December 23, 2025 at 4:40 PM
🚨 Pre-Auth RCE in #Livewire (CVE-2025-54068)!
Our specialists uncovered a critical flaw allowing remote code execution without the APP_KEY, exploiting Livewire’s hydration mechanism + PHP’s loose typing.
🔗 Patch now! (v3.6.4+)
www.synacktiv.com/en/publicati...
Our specialists uncovered a critical flaw allowing remote code execution without the APP_KEY, exploiting Livewire’s hydration mechanism + PHP’s loose typing.
🔗 Patch now! (v3.6.4+)
www.synacktiv.com/en/publicati...
🚀 [Training 2026] Research & exploitation: embedded #Linux systems
5-day training on UART access, firmware analysis, QEMU emulation, fuzzing (AFL++), static analysis & persistence on compromised systems.
📍 On site, Paris
🇫🇷 French
Register 👇
www.synacktiv.com/en/offers/tr...
5-day training on UART access, firmware analysis, QEMU emulation, fuzzing (AFL++), static analysis & persistence on compromised systems.
📍 On site, Paris
🇫🇷 French
Register 👇
www.synacktiv.com/en/offers/tr...
December 23, 2025 at 10:40 AM
🚀 [Training 2026] Research & exploitation: embedded #Linux systems
5-day training on UART access, firmware analysis, QEMU emulation, fuzzing (AFL++), static analysis & persistence on compromised systems.
📍 On site, Paris
🇫🇷 French
Register 👇
www.synacktiv.com/en/offers/tr...
5-day training on UART access, firmware analysis, QEMU emulation, fuzzing (AFL++), static analysis & persistence on compromised systems.
📍 On site, Paris
🇫🇷 French
Register 👇
www.synacktiv.com/en/offers/tr...
🔥 Synacktiv’s #CSIRT 2026 training sessions are coming!
Forensics, malware analysis, cloud investigations - all taught by our experts, available remotely or on site, in French or English.
Register 👇
www.synacktiv.com/en/offers/tr...
Forensics, malware analysis, cloud investigations - all taught by our experts, available remotely or on site, in French or English.
Register 👇
www.synacktiv.com/en/offers/tr...
December 18, 2025 at 4:37 PM
🔥 Synacktiv’s #CSIRT 2026 training sessions are coming!
Forensics, malware analysis, cloud investigations - all taught by our experts, available remotely or on site, in French or English.
Register 👇
www.synacktiv.com/en/offers/tr...
Forensics, malware analysis, cloud investigations - all taught by our experts, available remotely or on site, in French or English.
Register 👇
www.synacktiv.com/en/offers/tr...
[New blog post] As part of an R&D project, @tomtombinary.bsky.social identified several critical vulnerabilities in the LAN multiplayer mode of the game Anno 1404 (released in 2009) 🔍
Want to know more?
Read the full article on our blog 👇
www.synacktiv.com/en/publicati...
Want to know more?
Read the full article on our blog 👇
www.synacktiv.com/en/publicati...
Exploiting Anno 1404
Exploiting Anno 1404
www.synacktiv.com
December 16, 2025 at 3:56 PM
[New blog post] As part of an R&D project, @tomtombinary.bsky.social identified several critical vulnerabilities in the LAN multiplayer mode of the game Anno 1404 (released in 2009) 🔍
Want to know more?
Read the full article on our blog 👇
www.synacktiv.com/en/publicati...
Want to know more?
Read the full article on our blog 👇
www.synacktiv.com/en/publicati...
HID recently disclosed HID-PSA-2025-002, a critical flaw in the #ActivID Authentication Appliance 8.7.
In our new blog post, @us3r777.bsky.social and @pierregg.bsky.social break down exactly how they uncovered it, from methodology to exploitation 💡
Read it here ⬇️
synacktiv.com/en/publicati...
In our new blog post, @us3r777.bsky.social and @pierregg.bsky.social break down exactly how they uncovered it, from methodology to exploitation 💡
Read it here ⬇️
synacktiv.com/en/publicati...
ActivID administrator account takeover : the story behind
ActivID administrator account takeover : the story behind
synacktiv.com
December 12, 2025 at 3:22 PM
HID recently disclosed HID-PSA-2025-002, a critical flaw in the #ActivID Authentication Appliance 8.7.
In our new blog post, @us3r777.bsky.social and @pierregg.bsky.social break down exactly how they uncovered it, from methodology to exploitation 💡
Read it here ⬇️
synacktiv.com/en/publicati...
In our new blog post, @us3r777.bsky.social and @pierregg.bsky.social break down exactly how they uncovered it, from methodology to exploitation 💡
Read it here ⬇️
synacktiv.com/en/publicati...
🔥 #Synacktiv’s 2026 Internship Book is out!
Whether you're into pentest, reverse engineering, incident response or development, you’ll find our full list of internships plus practical tips to boost your chances.
📬 Send us your CV: www.synacktiv.com/book_stage_s...
Whether you're into pentest, reverse engineering, incident response or development, you’ll find our full list of internships plus practical tips to boost your chances.
📬 Send us your CV: www.synacktiv.com/book_stage_s...
www.synacktiv.com
December 12, 2025 at 9:21 AM
🔥 #Synacktiv’s 2026 Internship Book is out!
Whether you're into pentest, reverse engineering, incident response or development, you’ll find our full list of internships plus practical tips to boost your chances.
📬 Send us your CV: www.synacktiv.com/book_stage_s...
Whether you're into pentest, reverse engineering, incident response or development, you’ll find our full list of internships plus practical tips to boost your chances.
📬 Send us your CV: www.synacktiv.com/book_stage_s...
Level up your #pentest skills in 2026 🚀
Join Synacktiv’s hands-on trainings: from Kubernetes & cloud hacks to web app attacks & AD intrusion.
More information & registration : www.synacktiv.com/en/offers/tr...
#cybersecurity
Join Synacktiv’s hands-on trainings: from Kubernetes & cloud hacks to web app attacks & AD intrusion.
More information & registration : www.synacktiv.com/en/offers/tr...
#cybersecurity
Trainings
Synacktiv
www.synacktiv.com
December 11, 2025 at 12:22 PM
Level up your #pentest skills in 2026 🚀
Join Synacktiv’s hands-on trainings: from Kubernetes & cloud hacks to web app attacks & AD intrusion.
More information & registration : www.synacktiv.com/en/offers/tr...
#cybersecurity
Join Synacktiv’s hands-on trainings: from Kubernetes & cloud hacks to web app attacks & AD intrusion.
More information & registration : www.synacktiv.com/en/offers/tr...
#cybersecurity
🕵️♂️ When an 'innocent' #PHP file hides a #backdoor…
During an investigation on a compromised server, we came across an obfuscated PHAR stub - a classic sign of a #webshell trying to evade basic scanners.
Check out our technical analysis 🔍
Have you ever encountered this type of “packaged” webshell? 💬
During an investigation on a compromised server, we came across an obfuscated PHAR stub - a classic sign of a #webshell trying to evade basic scanners.
Check out our technical analysis 🔍
Have you ever encountered this type of “packaged” webshell? 💬
December 9, 2025 at 2:38 PM
🎓🚀 Ready to level up your #cybersecurity skills?
Synacktiv’s 2026 training programs are open for registration!
Get practical, expert-led sessions in offensive and defensive cybersecurity - online or in-person, in French or English 🇫🇷🇬🇧
🔗 Learn more: www.synacktiv.com/en/offers/tr...
Synacktiv’s 2026 training programs are open for registration!
Get practical, expert-led sessions in offensive and defensive cybersecurity - online or in-person, in French or English 🇫🇷🇬🇧
🔗 Learn more: www.synacktiv.com/en/offers/tr...
December 4, 2025 at 3:00 PM
🎓🚀 Ready to level up your #cybersecurity skills?
Synacktiv’s 2026 training programs are open for registration!
Get practical, expert-led sessions in offensive and defensive cybersecurity - online or in-person, in French or English 🇫🇷🇬🇧
🔗 Learn more: www.synacktiv.com/en/offers/tr...
Synacktiv’s 2026 training programs are open for registration!
Get practical, expert-led sessions in offensive and defensive cybersecurity - online or in-person, in French or English 🇫🇷🇬🇧
🔗 Learn more: www.synacktiv.com/en/offers/tr...
Winter is here, it's time to test your assembly skills with the #Synacktiv Winter Challenge 🏂.
A code golf competition that guarantees hours of intense x86 instruction optimization!
🔗 Participate here: www.synacktiv.com/en/publicati...
A code golf competition that guarantees hours of intense x86 instruction optimization!
🔗 Participate here: www.synacktiv.com/en/publicati...
December 2, 2025 at 5:08 PM
Winter is here, it's time to test your assembly skills with the #Synacktiv Winter Challenge 🏂.
A code golf competition that guarantees hours of intense x86 instruction optimization!
🔗 Participate here: www.synacktiv.com/en/publicati...
A code golf competition that guarantees hours of intense x86 instruction optimization!
🔗 Participate here: www.synacktiv.com/en/publicati...
Missed @hexacon.bsky.social 2025? 🤯
Good news, all #Synacktiv’s deep-dive talks on offensive research & reverse engineering are now online!
🎥 Watch the full playlist: www.youtube.com/playlist?lis...
#cybersecurity
Good news, all #Synacktiv’s deep-dive talks on offensive research & reverse engineering are now online!
🎥 Watch the full playlist: www.youtube.com/playlist?lis...
#cybersecurity
December 1, 2025 at 3:12 PM
Missed @hexacon.bsky.social 2025? 🤯
Good news, all #Synacktiv’s deep-dive talks on offensive research & reverse engineering are now online!
🎥 Watch the full playlist: www.youtube.com/playlist?lis...
#cybersecurity
Good news, all #Synacktiv’s deep-dive talks on offensive research & reverse engineering are now online!
🎥 Watch the full playlist: www.youtube.com/playlist?lis...
#cybersecurity
At #Pwn2Own2025, our experts Tek & @anyfun.bsky.social remotely compromised a Synology Beestation Plus via a pre-auth exploit, leading to full system takeover.
The vuln is now tracked as CVE-2025-12686 🔍
🔗 Full write-up: www.synacktiv.com/en/publicati...
The vuln is now tracked as CVE-2025-12686 🔍
🔗 Full write-up: www.synacktiv.com/en/publicati...
Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey
Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey
www.synacktiv.com
November 27, 2025 at 3:00 PM
At #Pwn2Own2025, our experts Tek & @anyfun.bsky.social remotely compromised a Synology Beestation Plus via a pre-auth exploit, leading to full system takeover.
The vuln is now tracked as CVE-2025-12686 🔍
🔗 Full write-up: www.synacktiv.com/en/publicati...
The vuln is now tracked as CVE-2025-12686 🔍
🔗 Full write-up: www.synacktiv.com/en/publicati...
@alexisdanizan.bsky.social discovered several critical flaws in an older #IvantiITSM version 💥
Already reported, but these exploits could still be useful and come with technical details ⬇️
github.com/synacktiv/it...
Already reported, but these exploits could still be useful and come with technical details ⬇️
github.com/synacktiv/it...
GitHub - synacktiv/itsm-exploit: Ivanti Neurons for ITSM (On Premise) exploits
Ivanti Neurons for ITSM (On Premise) exploits. Contribute to synacktiv/itsm-exploit development by creating an account on GitHub.
github.com
November 27, 2025 at 10:34 AM
@alexisdanizan.bsky.social discovered several critical flaws in an older #IvantiITSM version 💥
Already reported, but these exploits could still be useful and come with technical details ⬇️
github.com/synacktiv/it...
Already reported, but these exploits could still be useful and come with technical details ⬇️
github.com/synacktiv/it...
🚀 It’s the big day for the #CBCToulouse!
The #Synacktiv team is on-site and ready to connect with you throughout the event.
📍 Visit our booth to learn more about our areas of expertise and our career opportunities!
📅 26–27 November 2025
ℹ️ More information: cbc-convention.com
The #Synacktiv team is on-site and ready to connect with you throughout the event.
📍 Visit our booth to learn more about our areas of expertise and our career opportunities!
📅 26–27 November 2025
ℹ️ More information: cbc-convention.com
November 26, 2025 at 10:08 AM
🚀 It’s the big day for the #CBCToulouse!
The #Synacktiv team is on-site and ready to connect with you throughout the event.
📍 Visit our booth to learn more about our areas of expertise and our career opportunities!
📅 26–27 November 2025
ℹ️ More information: cbc-convention.com
The #Synacktiv team is on-site and ready to connect with you throughout the event.
📍 Visit our booth to learn more about our areas of expertise and our career opportunities!
📅 26–27 November 2025
ℹ️ More information: cbc-convention.com
Last Friday at #BlackAlps2025, noraj explored the hidden security challenges of #Unicode 🎤
With 1,000+ pages of specs, even small mistakes can become attack vectors.
Dive into the details 👉 www.synacktiv.com/ressources%2...
With 1,000+ pages of specs, even small mistakes can become attack vectors.
Dive into the details 👉 www.synacktiv.com/ressources%2...
November 25, 2025 at 3:07 PM
Last Friday at #BlackAlps2025, noraj explored the hidden security challenges of #Unicode 🎤
With 1,000+ pages of specs, even small mistakes can become attack vectors.
Dive into the details 👉 www.synacktiv.com/ressources%2...
With 1,000+ pages of specs, even small mistakes can become attack vectors.
Dive into the details 👉 www.synacktiv.com/ressources%2...