Quentin Roland

SCCMSecrets.py: Exploiting SCCM Policies Distribution for Credentials Harvesting, Initial Access and Lateral Movement, by @croco_byte synacktiv.com/publications/s…

HID recently disclosed HID-PSA-2025-002, a critical flaw in the #ActivID Authentication Appliance 8.7. In our new blog post, @us3r777 and @__pierreg break down exactly how they uncovered it, from methodology to exploitation 💡 Read it here ⬇️ synacktiv.com/en/publication…

[Blogpost] @croco_byte presents how to exploit attack paths related to Active Directory sites' ACLs. As the latter often constitute a blind spot for AD enumeration tools, the article also describes a pull request aiming to integrate them into the BloodHound project: synacktiv.com/en/publication…

Afterwards, the great @croco_byte took the stage, also at #OrangeCon, to present the authentication relay techniques he discovered earlier this year. As always, he illustrated his talk with a demo, showing that these techniques can be applied to real-world AD environments. 🔥

How safe is your browser? Our ninja, Riadh Bouchahoua, uncovers how attackers can exploit Chromium extension loading to steal data, maintain persistent access, and breach confidentiality on Chromium-based browsers. Read more here ⬇️ synacktiv.com/en/publication…

🧑‍🎓 Boost your offensive Active Directory skills with our Entry & Advanced trainings. Hands-on labs with dozens of machines + latest research from DEFCON, x33fcon & more! Seats are limited, don’t miss out! 🔗 Entry: synacktiv.com/en/offers/trai… 🔗 Advanced: synacktiv.com/en/offers/trai…

@mpgn_x64 @mael91620 @rayanlecat @_bluesheet @_sans23 🐊

@mael91620 @rayanlecat @_bluesheet @_sans23 @quent0x1 is the 🐊

Writeup from @mael91620 is now available 🎉 From coerce into SPN less RBDC, gmsa decryption, dpapi, constraint delegation w/t protocol transition​ to ntds dissection ! 😈 Congrats to the one who solved it 🥇@rayanlecat 🥈@_bluesheet & 🐊 🥉@_sans23 ➡️github.com/mael91620/Barb…

🛠️ GroupPolicyBackdoor - a python utility for Group Policy Objects (GPOs) manipulation and exploitation. ✅ GPO attack vectors can very often lead to impactful privilege escalation scenarios in Active Directory environments. github.com/synacktiv/Grou…

The GroupPolicyBackdoor tool, presented at #DEFCON 2025, is now available on Synacktiv's GitHub: github.com/synacktiv/Grou… This python utility offers a stable, modular and stealthy exploitation framework targeting Group Policy Objects in Active Directory!

My personal #defcon33 highlights: Better tools for GPO exploitation: media.defcon.org/DEF%20CON%2033… Critical vulns in Zscaler and Netskope: media.defcon.org/DEF%20CON%2033… Phishing on official Microsoft login: media.defcon.org/DEF%20CON%2033… SSH vulnerabilities: media.defcon.org/DEF%20CON%2033…

@mjc91295814 @wil_fri3d Hi! The tool will be published during next week on Synacktiv's Github, we'Il announce the release with a tweet 😀

@wil_fri3d hello,When was the GroupPolicyBackdoor tool introduced in the presentation released?

gpoParser, which I presented at #leHACK2025 and #DEFCON, is available here: github.com/synacktiv/gpoP… It is a specialized utility designed to enumerate Group Policy Objects (GPOs) and identify potential security misconfigurations.

🔥 A few hours ago our experts took the stage at #DEFCON33, sharing cutting-edge research on SCCM exploitation and modern GPO attacks in Active Directory. Proud of the team! 🙌 cc @kalimer0x00 @quent0x1 @wil_fri3d

Don't miss @kalimer0x00 at #DEFCON33! His talk, "SCCM: The Tree That Always Bears Bad Fruits", covers modern attack paths and abuse techniques in Microsoft SCCM, with a focus on internals, post-exploitation, and persistence! #content_60392" target="_blank" rel="nofollow noopener">defcon.org/html/defcon-33… #DEFCON #SCCM

Catch us at #DEFCON33! @quent0x1 and @wil_fri3d will show how to turn your Active Directory into the attacker’s C2. They'll dive deep into how Group Policy Objects can be leveraged for stealthy enumeration and privilege escalation! #content_60387" target="_blank" rel="nofollow noopener">defcon.org/html/defcon-33… #DEFCON #ActiveDirectory

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by @yaumn_ and @wil_fri3d. synacktiv.com/publications/n…

Check out how I discover CVE-2025-33073 : RCE with NTLM reflectiv attack allowing authenticated user to compromise any machine without SMB signing enforced !

@stratosberry @Synacktiv The recording of the presentation should be available here shortly: sstic.org/2025/presentat…

@Synacktiv @croco_byte Link to presentation?

For our last talk, @croco_byte explains how to exploit SCCM policies to harvest credentials 🔑 #SSTIC2025

Taking the Relaying Capabilities of Multicast Poisoning to the Next Level: Tricking Windows SMB Clients into Falling Back to WEBDAV, by @synacktiv synacktiv.com/publications/t…

We still have a few talks for #SSTIC2025 last day! This morning, @hugoclout presents 2 proxy tools used during pentests 🌐