David B. - _p0ly_
LightNews LightNews
banner
pol-y.bsky.social
David B. - _p0ly_
@pol-y.bsky.social
170 followers 170 following 1 posts
Security expert @Synacktiv
Posts Replies Media Videos
Reposted by David B. - _p0ly_
synacktiv.com
🎉 Big win at #Pwn2Own Cork!

@pol-y.bsky.social of #Synacktiv successfully breached the @Ubiquiti AI Pro surveillance system 🦈🎶

What a way to wrap up the challenge - congrats, @pol-y.bsky.social 💪
October 23, 2025 at 12:35 PM
Reposted by David B. - _p0ly_
synacktiv.com
A pre-auth RCE combining 2 critical vulnerabilities on the Production Environment extension of the PHP low-code website generator ScriptCase has been found by noraj and cabir. No upstream fix yet, please apply the workaround.
www.synacktiv.com/advisories/s...
ScriptCase - Pre-Authenticated Remote Command Execution
ScriptCase - Pre-Authenticated Remote Command Execution
www.synacktiv.com
July 4, 2025 at 4:00 PM
Reposted by David B. - _p0ly_
synacktiv.com
🚗🔌 We reverse engineered the Tesla Wall Connector and uncovered a previously undocumented attack surface via the charging cable. From protocol analysis to code execution, a Pwn2Own Automotive 2025 exploit write-up.
www.synacktiv.com/en/publicati...
Exploiting the Tesla Wall connector from its charge port connector
An interesting attack surface Over the past few years, Synacktiv has been analyzing Tesla vehicles for the Pwn2Own competition.
www.synacktiv.com
June 17, 2025 at 2:27 PM
Reposted by David B. - _p0ly_
hexacon.bsky.social
We’re receiving a lot of requests to buy tickets, but the conference is sold out! Only tickets bundled with training are still available. You can also join the waiting list or submit a talk to our CFP (cfp.hexacon.fr/hexacon-2025/) 😉

Thank you all for your amazing support! 🙏
Hexacon25
Schedule, talks and talk submissions for Hexacon25
cfp.hexacon.fr
June 12, 2025 at 8:34 AM
Reposted by David B. - _p0ly_
hexacon.bsky.social
🔔 It is time to buy your HEXACON ticket!

💸 Discounted tickets are available (while supplies last) for students and professionals who do not receive support from their company. This approach is based on trust, but we may ask for proof.

www.hexacon.fr/register/
June 2, 2025 at 1:59 PM
Reposted by David B. - _p0ly_
hexacon.bsky.social
📢 Our Call For Papers is open until 14 July!

➡️ Details & benefits: www.hexacon.fr/conference/c...

Also, conference tickets will be on sale today at 4PM (UTC+2)
June 2, 2025 at 10:04 AM
Reposted by David B. - _p0ly_
synacktiv.com
The last #Sth4ck talk was @pol-y.bsky.social talking about the Tesla WallConnector ⚡️
May 26, 2025 at 7:06 AM
Reposted by David B. - _p0ly_
synacktiv.com
Our second talk of the day was Hooking Windows Named Pipes by Thomas
May 23, 2025 at 11:08 AM
Reposted by David B. - _p0ly_
synacktiv.com
Time for our first talk at #Sth4ck! Vic presents his tips and tricks to reverse Objective-C code.
May 23, 2025 at 8:27 AM
Reposted by David B. - _p0ly_
hexacon.bsky.social
🛎 Training ticket sales for HEXACON 2025 open TODAY at 2PM UTC+2!

Limited spots available 🔥

www.hexacon.fr/register/
Hexacon - Register
Offensive security conference organized by seasoned professionals, in the heart of Paris. 10-11th October 2025, save the date!
www.hexacon.fr
May 5, 2025 at 11:38 AM
Reposted by David B. - _p0ly_
hexacon.bsky.social
📅 Mark your calendars!

www.hexacon.fr
April 23, 2025 at 1:37 PM
Reposted by David B. - _p0ly_
hexacon.bsky.social
Time to start announcing our trainings for Hexacon 2025! 📣

📆 6th-9th October 2025
💶 4800€
📍 Near the conference
🎟 Registrations will open in May

www.hexacon.fr/trainings/
Hexacon - Trainings
Offensive security conference organized by seasoned professionals, in the heart of Paris. 10-11th October 2025, save the date!
www.hexacon.fr
April 15, 2025 at 2:38 PM
Reposted by David B. - _p0ly_
hexacon.bsky.social
Hypervisor development for security analysis

by Satoshi Tanda

www.hexacon.fr/trainer/tanda/
April 15, 2025 at 2:40 PM
Reposted by David B. - _p0ly_
hexacon.bsky.social
AI Agents for Cybersecurity

by Richard Johnson (@richinseattle.bsky.social)

www.hexacon.fr/trainer/john...
April 15, 2025 at 2:44 PM
Reposted by David B. - _p0ly_
hexacon.bsky.social
Azure intrusion for red teamers

by Paul Barbé & Matthieu Barjole

www.hexacon.fr/trainer/barb...
April 15, 2025 at 2:46 PM
Reposted by David B. - _p0ly_
synacktiv.com
Don't forget @bieresecutls.bsky.social on Wednesday 9th before THCon, first round of drinks is on us 🍻
bieresecutls.bsky.social Bière Sécu Toulouse @bieresecutls.bsky.social · Mar 3
📢 Prochain Bière&Sécu mercredi 9 avril 🗓️ (veille de
Thcon) ! RDV à partir de 19h au Rooster and Beer🐔🍺
@synacktiv.com offrira la première tournée de bières 🍻.
Il n'y aura pas de présentation cette fois-ci mais n'hésitez pas à proposer des Rumps à THCon 😉
April 7, 2025 at 8:49 AM
Reposted by David B. - _p0ly_
synacktiv.com
Synacktiv is looking for an additional team leader in Paris for its Reverse-Engineering Team!
Find out if you are a good candidate by reading our offer (🇫🇷).
www.synacktiv.com/responsable-...
Responsable équipe reverse engineering
www.synacktiv.com
March 28, 2025 at 4:25 PM
Reposted by David B. - _p0ly_
bieresecutls.bsky.social
📢 Prochain Bière&Sécu mercredi 9 avril 🗓️ (veille de
Thcon) ! RDV à partir de 19h au Rooster and Beer🐔🍺
@synacktiv.com offrira la première tournée de bières 🍻.
Il n'y aura pas de présentation cette fois-ci mais n'hésitez pas à proposer des Rumps à THCon 😉
March 3, 2025 at 1:04 PM
Reposted by David B. - _p0ly_
thezdi.bsky.social
Confirmed! @Synacktiv used a logic bug as a part of their chain to exploit the Tesla Wall Connector via the Charging Connector. Their outstanding (and inventive) research earns them $45,000 and 7 Master of Pwn points. #P2OAuto #Pwn2Own
January 23, 2025 at 9:55 AM
Reposted by David B. - _p0ly_
thezdi.bsky.social
Wow. Just wow. The @synacktiv team was able to take over the #Tesla Wall Connector while having their exploit originate from the Charging Connector. To our knowledge, that's never been demonstrated publicly before. They head to the disclosure room with details. #P2OAuto #Pwn2Own
January 23, 2025 at 7:41 AM
Reposted by David B. - _p0ly_
bieresecutls.bsky.social
📣 Prochain Bière & Sécu Toulouse le mardi 4 février!
🗓️ RDV au Rooster and Beer à partir de 18h30
👉 Merci de vous inscrire sur le framadate : framadate.org/rZveOzrGMyNb...
🗣️ Contactez-nous si vous avez des sujets à présenter via Twitter, Bluesky ou Discord !
Sondage - Bière&Sécu Toulouse - Framadate
Framadate est un service en ligne permettant de planifier un rendez-vous ou prendre des décisions rapidement et simplement.
framadate.org
January 8, 2025 at 12:46 PM
Reposted by David B. - _p0ly_
synacktiv.com
Kickstart 2025 with a cloud exploitation training like no other!
🚀 Join our experts on Feb 10th to master cutting-edge techniques in GCP, AWS, Azure & Kubernetes. Don't miss out! www.synacktiv.com/en/offers/tr...
Pentest Cloud
Day 1 Fundamentals: cloud terminology, infrastructure services, network topology, identity and access management, authentication mechanisms ( OAuth ), reminders of Linux security mechanisms ( namespa
www.synacktiv.com
January 7, 2025 at 4:11 PM
Reposted by David B. - _p0ly_
synacktiv.com
You can now relay any protocol to SMB over Kerberos with krbrelayx.py and the latest PRs from Hugo Vincent.
Thanks @dirkjanm.io for merging it!
Here is an example from SMB to SMB:
December 12, 2024 at 2:36 PM
Reposted by David B. - _p0ly_
synacktiv.com
A few weeks ago, Rapid7 released a new version of #Velociraptor to patch CVE-2024-10526, a local privilege escalation discovered by jbms. You can read the advisory here:
www.synacktiv.com/advisories/l...
Local privilege escalation in Windows Velociraptor service
Local privilege escalation in Windows Velociraptor service
www.synacktiv.com
November 22, 2024 at 5:23 PM