Mastho

Our training "Bug Hunting in Hypervisors"  returns at @reconmtl in 2026! Taught by researchers actively working on real-world hypervisor exploitation #Pwn2Own Designed for security researchers, we will dive into VM escapes, hypervisor attack surfaces, and real-world exploitation

stop using ubuntu 24.04 to host your kernel pwn challenges lmao kqx.io/post/qemu-nday/

If you missed HEXACON 2025 or want to rewatch some of the talks, they’re now available on our YouTube channel 📽️ Enjoy the content, and see you in 2026! youtube.com/playlist?list=…

finally got around to writing up my windows exploit from pwn2own vancouver 2024! (plus some notes about using it on xbox) exploits.forsale/pwn2own-2024/

Our new blog post is live: blog.dfsec.com/ios/2025/05/30…

@typhooncon is already over, but we enjoyed every minute ! During our talk "Journey To Freedom", we disclosed for the first time the details on the Windows LPE we used at Pwn2Own Vancouver 2024 after escaping from VirtualBox. Slides are already available: reversetactics.com/publications/2…

Thrilled to share our latest deep dive into Windows Kernel Streaming! Just presented this research at @offensive_con. Check it out: devco.re/blog/2025/05/1…

Our latest blog post: Tracing Back to the Source | #SPTM Round 3 #TXM #iOS #macOS #DFF df-f.com/blog/sptm3

The report of the #FreeBSD audit conducted by @masthoon and @jbcayrou is finally out! freebsdfoundation.org/blog/strengthe…

"0-click RCE on Tesla Model 3 through TPMS Sensors" 🚗 by David BERARD (@_p0ly_) & Thomas Imbert (@masthoon)

Excited to share our research on Kernel Streaming! We discovered several vulnerabilities in it that we used at Pwn2Own this year. Check it out: devco.re/blog/2024/08/2…

After nearly 10 years of existence, years of use in production on 10k+ computers. The new PythonForWindows release is 1.0.0 \o/ This release adds three important things: official python 3 support, full Unicode support for py2/py3 & CI testing on GitHub ! github.com/hakril/PythonF…

Ticket sales for #HEXACON2024 are now OPEN! 📆 4th & 5th of October 2024 🎫 Standard price: 1210€ 🎟 Reduced price: 660€ hexacon.fr/register/

#HEXACON2024's call for paper is officially open! 📅 29 May - Mid July ▶️ cfp.hexacon.fr/hexacon-2024/ As always, thanks again for our committee members who are willing to dedicate some of their valuable time to assess and review the submissions!

Registration for trainings is now open! ⏳ Don't miss your chance to learn from the best and have a great time in Paris 🥐 hexacon.fr/register/

The team is getting ready for the next #Pwn2Own with some good stuff, stay tuned 😉

Here we are! 🥷 Masters of pwn for the third time 🎉 Congratulations to all the ninjas involved! #Pwn2Own

Have you ever wondered what the attack surface of Counter Strike: Global Offensive looks like? Our ninjas @myr463 and @v1csec studied it and found a server to client bug! Read more details about this research in our latest blogpost. synacktiv.com/publications/e…

Our ninja @masthoon solved a tough challenge during @PotluckCTF with an ingenious approach: he built a decompiler for a custom ISA by lifting instructions to Binary Ninja IL. Read the "Pot of Gold" write-up (kudos to @bl4sty for creating the challenge): synacktiv.com/publications/l…

Here is a tool that helped me looking for tricky ROP gadgets when manual search failed 🔎 Grab a Windows user-dump of your target, write a pre/post condition and let it try to emulate every candidate in the address space. github.com/0vercl0k/rp-bf…