Kévin Tellier

Our ninjas are in Vienna for the T-REX conference! 🎤 @k3vinTell delivered a session exploring advanced Red Team lateral movement techniques built on DCOM - a great opportunity to exchange practices with fellow experts. Thank you to the @oenb for hosting such a great event!

🔥 A few hours ago our experts took the stage at #DEFCON33, sharing cutting-edge research on SCCM exploitation and modern GPO attacks in Active Directory. Proud of the team! 🙌 cc @kalimer0x00 @quent0x1 @wil_fri3d

🚨 Les experts français de @Synacktiv transforment le Thermomix en démonstration de hacking :) Manipulation de température, messages personnalisés... tout est possible ! On vous raconte ça 👉 clubic.com/actualite-5728… #thermomix

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by @yaumn_ and @wil_fri3d. synacktiv.com/publications/n…

Check out how I discover CVE-2025-33073 : RCE with NTLM reflectiv attack allowing authenticated user to compromise any machine without SMB signing enforced !

To those who set the bar 🥂 Global Cyber Skills Benchmark 2025 is over, and the leaderboard has spoken. Huge congrats to the top corporate #cybersecurity teams who crushed it in this global competition: 🥇 @Synacktiv 🥈 @GMOsecurity24 🥉 downscope.org #HackTheBox #HTB #CTF #CyberSkills #Cybersecurity #CaptureTheFlag #InfoSec

For the second year in a row, we managed to get first place at the #HackTheBox Business #CTF 2025! 🥇 Congratulations to @gmo_ierae and Downscope and thanks to @hackthebox_eu for the fun challenges! 🥳

Our ninjas are attending SO-CON! Come and say hi 👋

I'm out, see you on the other side : bsky.app/profile/kevint…

You can now use LDAP/LDAPs protocols with the SOCKS proxy of ntlmrelayx thanks to the PR from @b1two_ (now merged upstream). Here is an example with ldeep using relayed authentication from HTTP to LDAPs :

You can now relay any protocol to SMB over Kerberos with krbrelayx.py and the latest PRs from @hugow_vincent. Thanks @_dirkjan for merging it! Here is an example from SMB to SMB:

I am excited to share with you my latest research - "DCOM Upload & Execute" An advanced lateral movement technique to upload and execute custom payloads on remote targets Forget about PSEXEC and dive in! deepinstinct.com/blog/forget-ps… github.com/deepinstinct/D…

Coffee break thoughts: "is it possible to bruteforce RPC endpoint to perform code exec if you can't access EPM/SMB?" 99% impacket atexec + 1% "for loop" = 100% prod ready gist.github.com/ThePirateWhoSm… (silent command only) h/t @saerxcit 🌻

SCCMSecrets.py. SCCM policies exploitation tool, by @croco_byte github.com/synacktiv/SCCM…

Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏 Check out our latest blogpost by @hugow_vincent to discover how to perform this attack: synacktiv.com/publications/r…

Octoscan, our GitHub actions vulnerability scanner, is now available as a GitHub action! It will find vulnerabilities in new commits and pull requests, and upload it to GitHub as it now supports the SARIF file format! github.com/synacktiv/acti…

Hi! We'd like to share our new research with you. You've probably heard about COM Hijacking, but we've found another way of persistence via COM. Typelib! Read the article here: @cicada-8/hijack-the-typelib-new-com-persistence-technique-32ae1d284661" target="_blank" rel="nofollow noopener">medium.com/@cicada-8/hija…

Administrator Protection, introduced in the latest Windows Insider Canary build, is a solid security enhancement... uhh.. really?? can be bypassed with @splinter_code's clever SspiUacBypass tool. Check it out here: github.com/antonioCoco/Ss…

During a recent engagement, @Bandrel discovered how an attacker can craft a CSR by using default system certificates. After finding out this method was novel, the team kept digging. Read what they found in our new #blog! hubs.la/Q02SCqpG0

Just wrapped up two fantastic training sessions at #Hexacon! A big thank you to everyone who joined us for our deep dives into Active Directory/Azure and iOS internals. It was great to share knowledge and learn together!