Xavier C.

🚀 [NEWS from our SPONSORS] New course at OTERIA! 🎓 Dive into vulnerability research with the 0x41 course by our Expert Sponsor @OteriaCS Designed by @RandoriSec , @Synacktiv & solo experts : @TheLaluka , @Calin_42 , @ENOENT_, #Unknow101 & #HuGe. On the program: Reverse engineering, Fuzzing, Cryptography, Binary exploitation 📅 Pre-selection: 25 Feb - 7 Mar on Root-Me PRO Register now!: x41.fr Join the Discord: discord.gg/b3BUpJ2XFX

@olesovhcom Nice work on that :) Thank you and thanks @olesovhcom for the eco range (and the price 😂)

PS. As we continue to improve IP management in Control Panel (Manager), more news will comesoon! PPS. Bit thanks to all teams involved, especially our lovely UX & DT folks who made the magic ❤! copyright Kuba :)

Manager / IPv4 IPv6 1/3 Additional IP order for Parking (i.e.: customer can now order multiple IPv4 on Parking to later attach them to his services anticipating infrastructure scaling needs) During Additional IP order process, ust select IP Parking as target Service and target region in which such Additional IP will be usable (so also movable)

#ECSC2024 | Accompagnée des coachs de l'ANSSI, la @ECSC_TeamFrance 🇫🇷 est arrivée à Turin, prête à affronter les épreuves de l'European Cybersecurity Challenge. 💪 N'hésitez pas à les encourager en commentaire !

@0xidel @noujoude1337 Causes : - Réflexions beaufs quotidiennes - Une culture de l'ego bien connue qui stigmatise leur parcours pro - Peu/pas de points de contact en cas de harcèlement - Peu/pas de sensibilisation - Le besoin de toujours "prouver" qu'elles méritent leur place je continue? @0xidel 😊

@lxt33r @Sonia_perso @noujoude1337 @ANSSI_FR @ECSC_TeamFrance @ecsc2024 Cringe un peu non ? @lxt33r

@Sonia_perso @noujoude1337 @ANSSI_FR @ECSC_TeamFrance @ecsc2024 Qui te dit qu'ils ne se sentent pas femmes ?

.@kaspersky's Q2 2024 report unpacks #APT and financial attacks on industrial enterprises, revealing how certain groups are compromising critical infrastructure. Stay informed on the latest trends—an essential read for industry professionals ⇒ kas.pr/mz5f

Sample/PoC Windows kernel driver for detect DMA devices by using Vendor ID and Device ID signatures github.com/un4ckn0wl3z/PC…

@Luzark_ @0x09AL

@0x09AL It's ok to be scared of printer issues. Those machines are pure evil

Nah this is offensive 😂

In their latest blogpost, @hugow_vincent and @loadlow developed in-memory post-exploitation payloads to inject and hook common Java applications. Come and see the Java shenanigans involved to interact with the apps from the inside! synacktiv.com/publications/i…

@podalirius_ Putain je suis terminé 😂😂

You're right, the FSB would not allow you to crash their implants.

Never too soon

@hasherezade 👀 😍

Coming soon: #PEbear with support for ARM binaries

@H_Miser Always a pleasure to re-read this amazing write-up :) Thanks for the refresh

BTW the recovery of the full key described in the paper is brillant. Impressive work.

Tiens le cyber influenceur qui avait leaké le certificat d'un de ses clients (tronqué mais reconstruit par un habile expert) pour se vanter d'un pentest réussi par ici, ne peut s'empêcher de trouver que les gens sont trop "locaces" (sic) dans les lounges d'aéroport (FAP FAP FAP)

@pac0um_Sec ◡̈

oO !!! ✅

Interested in finding and exploiting vulnerabilities in old video games? If so, you'll love our latest blogpost on American Conquest by @tomtombinary! synacktiv.com/publications/e…

~ Message d'utilité publique ~ 🌺 Lettre ouverte au pollen 🏵️ Nique bien tes grands morts, Cordialement. 🖕

In his latest blogpost, @yaumn_ analyzes MDI's detection of PKINIT authentication, explains how to bypass it and releases Invoke-RunAsWithCert, a tool to perform Kerberos authentication via PKINIT with the Windows API from a non domain-joined machine. synacktiv.com/publications/u…

New blog: Lateral movement and on-prem NT hash dumping with Microsoft Entra Temporary Access Passes. Some tips and tricks on abusing TAPs for Windows Hello persistence and NT hash recovery over Cloud Kerberos Trust. dirkjanm.io/lateral-moveme…

In our latest blogpost, @croco_byte presents an often overlooked AD attack surface related to OUs ACLs,with the release of a dedicated exploitation tool, OUned.py (github.com/synacktiv/OUned). synacktiv.com/publications/o…

@kalin0x Quel est le nom de la potion magique ? :p