Major_Tom

1.8K posts

@MajorTomSec

Underground control to Major_Tom. Security ninja @Synacktiv CTF Player @SentryWhale

Lille, France. Joined April 2013
384 Following, 3.1K Followers
Major_Tom @MajorTomSec
Proud to finally share the write-up of our VMware Workstation escape from P2O Berlin 2025, featuring a generic bypass for Windows LFH mitigations using side-channels. I hope it will be as fun to read as it was to exploit! x.com/Synacktiv/stat…
Synacktiv @Synacktiv

At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller. Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit. 🔍 Full technical write-up 👇 synacktiv.com/en/publication…

Major_Tom retweeted
TrendAI Zero Day Initiative
Confirmed! Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv (@Synacktiv) used a heap-based buffer overflow to exploit #VMware Workstation. They earn $80,000 and 8 Master of Pwn points - sending the contest to over $1,000,000 total! #Pwn2Own
Major_Tom retweeted
TrendAI Zero Day Initiative
Boom! Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv (@Synacktiv) close out #Pwn2Own in style with a guest-to-host escape in VMware Workstation. If confirmed, it will put the total contest payout at over $1,000,000! #Pwn2Own
Major_Tom retweeted
TrendAI Zero Day Initiative
A successful collision! Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics used 2 bugs to exploit ESXi, but the Use of Uninitialized Variable bug collided with a prior entry. His integer overflow was unique though, so he still earns $112,500 & 11.5 Master of Pwn points. #Pwn2Own
Major_Tom retweeted
Synacktiv @Synacktiv
In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. @0xf4b took a long journey down a rabbit hole to understand its root cause. synacktiv.com/en/publication…
Major_Tom retweeted
Specter @SpecterDev
I've published the repo for Byepervisor (we love named vulns out here). Contains exploit implementation for two PS5 hypervisor bugs for 2.xx and lower. Slides from the talk + vod should hopefully be published soon. github.com/PS5Dev/Byeperv…
Major_Tom retweeted
Specter @SpecterDev
Feels great when an idea can finally be tested and works out after like a year :) Shouts to ChendoChap for working out the ROP chain. Protip: staying < 3.00 is a good idea.
Major_Tom retweeted
Synacktiv @Synacktiv
Here we are! 🥷 Masters of pwn for the third time 🎉 Congratulations to all the ninjas involved! #Pwn2Own
Major_Tom retweeted
Synacktiv @Synacktiv
The program for @GrehackConf is out with 3 Synacktiv talks! 🖥️ Virtualization from an attacker Point-Of-View: @OnlyTheDuck & @MajorTomSec 🚘 Unlocking the Drive: Exploiting Tesla Model 3: @_p0ly_ & @vdehors 🐧 Ubuntu Shiftfs: Unbalanced Unlock Exploitation Attempt: @jbcayrou
GreHack @GrehackConf

Hey folks! We're excited to present the #GreHack23 program. You can now consult it on our website: grehack.fr/program The first batch of tickets (including workshop & CTF) will be available on October 1, 2023 at 10:00am (UTC+2).

Major_Tom retweeted
Thiebaut Elsa @thiebaut_elsa
As announced at #FIC, @Synacktiv is opening a new office in the center of #lille with a team of 7 ninjas. All our positions are now open in Lille 📍7 Boulevard Louis XIV. If you want to join us: apply@synacktiv.com
Major_Tom retweeted
p0up0u @_p0up0u_
kfd, short for kernel file descriptor, is a project to read and write kernel memory on Apple devices: github.com/felix-pb/kfd
Major_Tom retweeted
Hexacon @hexacon_fr
📦 Breaking Out of the Box: Technical analysis of VirtualBox VM escape with Windows LPE, by Thomas Bouzerar (@MajorTomSec) and Thomas Imbert (@masthoon)
Major_Tom retweeted
Hexacon @hexacon_fr
🔪💻 Finding and exploiting an old XNU logic bug, by Eloi Benoist-Vanderbeken (@elvanderb)
Major_Tom retweeted
CTurt @CTurtE
Part 2 - Attacking the compiler process: cturt.github.io/mast1c0re-2.ht… Ultimately I didn't finish the exploit, but hopefully it's still interesting, and maybe we will see a full exploit implementation from someone else in the future.