From Pwn2Own Automotive 2026 Day 1: Synacktiv vs. Tesla YouTube video by TrendAI Zero Day Initiative

In a highlight from Day One of #Pwn2Own Automotive 2026, @synacktiv.com targets the #Tesla infotainment system. #P2OAuto
youtube.com/shorts/DKYT-...

Verified! Synacktiv (@synacktiv) targeted the Autel MaxiCharger AC Elite Home 40A with the Charging Connector Protocol/Signal Manipulation add‑on. In Round 2, they exploited one stack‑based buffer overflow, earning $30,000 USD and 5 Master of Pwn points. #Pwn2Own #P2OAuto

Our ninjas are in Vienna for the T-REX conference!

🎤 @kevintell.bsky.social delivered a session exploring advanced Red Team lateral movement techniques built on DCOM - a great opportunity to exchange practices with fellow experts.

Thank you to the @oenb.at for hosting such a great event!

[Le Big Bang de l’Économie - Le Figaro] Cybersécurité : sommes-nous vraiment prêts ? YouTube video by Synacktiv

🇫🇷 During "Le Big Bang de l’Économie" by #LeFigaro, @kevintell.bsky.social gave a live pentest demo, showing how easily data can be exposed when systems aren’t properly secured: youtu.be/XVJUF1zt1FE

👉 Watch the whole show: video.lefigaro.fr/figaro/econo...

Catching Credential Guard Off Guard - SpecterOps Uncovering the protection mechanisms provided by modern Windows security features and identifying new methods for credential dumping.

Credential Guard was supposed to end credential dumping. It didn't.

Valdemar Carøe just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.

Read for more: ghst.ly/4qtl2rm

The Phantom Extension: Backdooring chrome through uncharted pathways The Phantom Extension: Backdooring chrome through uncharted pathways

How safe is your browser?
Our ninja, Riadh Bouchahoua, uncovers how attackers can exploit Chromium extension loading to steal data, maintain persistent access, and breach confidentiality on Chromium-based browsers.
Read more here ⬇️
www.synacktiv.com/en/publicati...

DCOM Again: Installing Trouble - SpecterOps DCOM lateral movement BOF using Windows Installer (MSI) Custom Action Server - install ODBC drivers to load and execute DLLs

Lateral movement getting blocked by traditional methods?

@werdhaihai.bsky.social just dropped research on a new lateral movement technique using Windows Installer Custom Action Server, complete with working BOF code. ghst.ly/4pN03PG

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...

🧑‍🎓 Boost your offensive Active Directory skills with our Entry & Advanced trainings. Hands-on labs with dozens of machines + latest research from DEFCON, x33fcon & more! Seats are limited, don’t miss out!
🔗 Entry: www.synacktiv.com/en/offers/tr...
🔗 Advanced: www.synacktiv.com/en/offers/tr...

DCOM is everywhere, but its inner workings feel like black magic. 🪄 Unveil the mystery with @kevintell.bsky.social's new article on DCOM basics. Trust us, it's way cooler than it sounds!

www.synacktiv.com/en/publicati...

Should you trust your zero trust? Bypassing Zscaler posture checks Introduction Posture checks are a key component of zero trust architectures.

🔒 Can you really trust your zero trust? We (re)discovered a vulnerability in Zscaler Client Connector that allowed bypassing device posture checks, and it was still exploitable in the wild. Full technical deep dive + remediation tips 👉 www.synacktiv.com/en/publicati...

🚨 Still a few days to register for our Azure Intrusion for Red Teamers training at #BHUSA! Very hands-on, full kill chain from zero to Global Admin with stealth in mind. Secure your seat now! www.blackhat.com/us-25/traini...

Our ninja @kalimer0x00.bsky.social is now on stage at #x33fcon to talk about his journey from dissecting SCCM until the discovery of the critical CVE-2024-43468 and the post-exploitation opportunities🔥

Azure intrusion for red teamers

by Paul Barbé & Matthieu Barjole

www.hexacon.fr/trainer/barb...

From NTLM relay to Kerberos relay: Everything you need to know While I was reading Elad Shamir recent excellent post about NTLM relay attacks, I decided to contribute a companion piece that dives into the mechanics of Kerberos relays, offering an analysis and …

I just published a blog post where I try to explain and demystify Kerberos relay attacks. I hope it’s a good and comprehensive starting point for anyone looking to learn more about this topic. ➡️
decoder.cloud/2025/04/24/f...

That's all folks! 👋 Thank you to everyone who attended & presented talks during our #SOCON2025 conference days. Our training courses kickoff tomorrow at 9AM back at Convene.

Synacktiv is looking for an additional team leader in Paris for its Reverse-Engineering Team!
Find out if you are a good candidate by reading our offer (🇫🇷).
www.synacktiv.com/responsable-...

It's great ! But would you consider a local alternative as sending customer data to a third party service during engagement is a big turn off for me

I had the privilege to attend this training at Synacktiv and it might be the best training you can get when it comes to Azure given by two guy who does Red Team all year round on this subject. Don't wait !

Abusing multicast poisoning for pre-authenticated Kerberos relay over HTTP with Responder and krbrelayx

In our latest article, @croco_byte proposes an implementation of a trick discovered by James Forshaw in his research regarding Kerberos relaying. Discover how to perform pre-authenticated Kerberos relay over HTTP with our Responder and krbrelayx pull requests!
www.synacktiv.com/publications...

Yay! Our offensive Azure training was accepted at BlackHat USA 2025 🥳 Can't wait to see you there and share cutting-edge techniques for attacking Azure environments!