Load.

Finally, after many months of work, @_Worty and I finally finished putting all the pieces together to show you each detail of our research on Livewire. Hope you will enjoy it 😁

🚨 RCE in #Livewire (CVE-2025-54068)! Our specialists uncovered a critical flaw allowing remote code execution without the APP_KEY, exploiting Livewire’s hydration mechanism + PHP’s loose typing. 🔗 Patch now! (v3.6.4+) synacktiv.com/en/publication…

HID recently disclosed HID-PSA-2025-002, a critical flaw in the #ActivID Authentication Appliance 8.7. In our new blog post, @us3r777 and @__pierreg break down exactly how they uncovered it, from methodology to exploitation 💡 Read it here ⬇️ synacktiv.com/en/publication…

The web is a prime target for attackers. Want to refine your intrusion methods? Join our ‘Attacking Web Applications’ training course from 17 to 21 November! ▪️ 5 days of expertise ▪️ 35 hours of lessons, more than 30 exercises ▪️ Java, PHP, Python, ASP.NET... Information & registration via 👇 synacktiv.com/en/offers/trai…

The GroupPolicyBackdoor tool, presented at #DEFCON 2025, is now available on Synacktiv's GitHub: github.com/synacktiv/Grou… This python utility offers a stable, modular and stealthy exploitation framework targeting Group Policy Objects in Active Directory!

gpoParser, which I presented at #leHACK2025 and #DEFCON, is available here: github.com/synacktiv/gpoP… It is a specialized utility designed to enumerate Group Policy Objects (GPOs) and identify potential security misconfigurations.

🔥 A few hours ago our experts took the stage at #DEFCON33, sharing cutting-edge research on SCCM exploitation and modern GPO attacks in Active Directory. Proud of the team! 🙌 cc @kalimer0x00 @quent0x1 @wil_fri3d

🔒 Can you really trust your zero trust? We (re)discovered a vulnerability in Zscaler Client Connector that allowed bypassing device posture checks, and it was still exploitable in the wild. Full technical deep dive + remediation tips 👇 synacktiv.com/en/publication…

Don't miss @kalimer0x00 at #DEFCON33! His talk, "SCCM: The Tree That Always Bears Bad Fruits", covers modern attack paths and abuse techniques in Microsoft SCCM, with a focus on internals, post-exploitation, and persistence! #content_60392" target="_blank" rel="nofollow noopener">defcon.org/html/defcon-33… #DEFCON #SCCM

Catch us at #DEFCON33! @quent0x1 and @wil_fri3d will show how to turn your Active Directory into the attacker’s C2. They'll dive deep into how Group Policy Objects can be leveraged for stealthy enumeration and privilege escalation! #content_60387" target="_blank" rel="nofollow noopener">defcon.org/html/defcon-33… #DEFCON #ActiveDirectory

That's a wrap on our Azure Intrusion for Red Teamers training at #BHUSA! 4 intense days from zero to Global Admin via Entra ID, M365, resources, DevOps, Intune & more 🔥 Huge thanks to all our participants and next stop: #HEXACON2025, Paris, Oct 6 🇫🇷

We made it to MSRC 2025 Most Valuable Security Researcher leaderboard 🥳 Congratulations to all the other researchers! msrc.microsoft.com/leaderboard

🔐 Data encryption in Laravel environments is based on one secret: the APP_KEY. Our ninja @_remsio_ studied the impact of its leakage on the internet during an entire year. synacktiv.com/en/publication…

@wil_fri3d now rocking the stage at #leHACK to present his new tool GPOParser to automate Active Directory GPOs analysis, get intel and identify new attack paths!

Our ninja @kalimer0x00 is now on stage at #x33fcon to talk about his journey from dissecting SCCM until the discovery of the critical CVE-2024-43468 and the post-exploitation opportunities🔥

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by @yaumn_ and @wil_fri3d. synacktiv.com/publications/n…

For our last talk, @croco_byte explains how to exploit SCCM policies to harvest credentials 🔑 #SSTIC2025

It's now time for @aevy__ and Paul Barbe to present Azure conditional access policies ☁️ #SSTIC2025

For our second talk of the day, @flgy presents Mofos, a virtual machines manipulation framework to mimic QubesOS on a standard Linux distribution #SSTIC2025

For the second year in a row, we managed to get first place at the #HackTheBox Business #CTF 2025! 🥇 Congratulations to @gmo_ierae and Downscope and thanks to @hackthebox_eu for the fun challenges! 🥳