Les formations Synacktiv

🎓 Synacktiv Training Sessions 2026 are now open!

Looking to take your offensive or defensive cybersecurity skills to the next level?
Our experts deliver hands-on, high-intensity technical training, available on-site or online, in French or English.

More details 👇
www.synacktiv.com/en/offers/tr...

On stage at #x33fcon for the lightning talks! Web payloads management, EDR bypasses and insights into CVE-2025-33073🔥

It's now time for @matthieub.bsky.social and @b-paul.bsky.social to present Azure conditional access policies ☁️ #SSTIC2025

Last chance to grab early bird tickets for our Azure Intrusion training at #BHUSA 2025! Join us in Las Vegas for 100% offensive, hands-on content showcasing real-world attack techniques against modern Azure environments! @blackhatevents.bsky.social outline at www.blackhat.com/us-25/traini...

Azure intrusion for red teamers

by Paul Barbé & Matthieu Barjole

www.hexacon.fr/trainer/barb...

Hack the channel: A Deep Dive into DVB Receiver Security Introduction During a garage cleaning, we found a DVB receiver and thought it would be a great target for vulnerability research.

From firmware dumps to wireless exploration — check out our latest dive into DVB receiver analysis and the hidden attack surface it exposes!
www.synacktiv.com/en/publicati...

Want to master cutting-edge techniques for attacking Azure?
Join us this summer at @blackhatevents.bsky.social in Vegas for a deep dive into red teaming on Azure, M365, Azure DevOps, and hybrid infrastructures.
Early bird tickets available until May 23rd!
www.blackhat.com/us-25/traini...

Taking the relaying capabilities of multicast poisoning to the next level: tricking Windows SMB clients into falling back to WebDav

In our latest article, @croco-byte.bsky.social and @scaum.bsky.social demonstrate a trick allowing to make Windows SMB clients fall back to WebDav HTTP authentication, enhancing the NTLM and Kerberos relaying capabilities of multicast poisoning attacks!
www.synacktiv.com/publications...

Exciting news, our Offensive Azure training has been accepted at #x33fcon! 🥳 Can’t wait to see you there and dive into the latest techniques for attacking Azure environments!

In 2024, Fortinet deployed several patches for CVE-2023-42791 and CVE-2024-23666, discovered by @aeinot.bsky.social, @b-paul.bsky.social and load. These vulnerabilities allow, from read-only access to a FortiManager, to execute code as root and thus take control of all managed FortiGates.

NFS Security: Identifying and Exploiting Misconfigurations Understand security features, misconfigurations and technical attacks on NFS shares. Explore tools to analyze NFS endpoints and abuse misconfigurations.

www.hvs-consulting.de/en/nfs-secur...

Yay! Our offensive Azure training was accepted at BlackHat USA 2025 🥳 Can't wait to see you there and share cutting-edge techniques for attacking Azure environments!

GitHub - JumpsecLabs/TokenSmith: TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tok... TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tokens generated working out ...

github.com/JumpsecLabs/...

A few weeks ago, Rapid7 released a new version of #Velociraptor to patch CVE-2024-10526, a local privilege escalation discovered by jbms. You can read the advisory here:
www.synacktiv.com/advisories/l...