iOS for Security Engineers by Quentin Meffre (@0xdagger) and Victor Cutillas (@v1csec) 📅 Oct 12-15 📍 Espace Vinci or Espace Cléry, Paris 2nd 👉 hexacon.fr/trainer/ios_for_s…

So glad to finally be able to present this research at @BlackHatEvents Asia! Blogposts are coming soon, on the menu: LPE via local NTLM reflection and RCE via a new arbitrary Kerberos authentication coercion technique 👀

Double trouble at #SOCON2026! Our ninja @kalimer0x00 was busy breaking down Microsoft SCCM (once again!), while @croco_byte unveiled new GPO-based attack paths & his latest BloodHound contributions targeting OUs & AD Sites. Awesome job! 👏

On se retrouve demain à partir de 19h ! 👇🏼 📍Boulangerie Bar - 02/03 (salle du bas)

Le prochain meetup aura lieu ce lundi 02/03👾 Au programme : - @Lefnui : Fonctionnement d’un DRM - @4rchib4ld : La Corée du nord et le remote 📍Boulangerie Bar - 02/03 à partir de 19h (Salle du bas)

Proud to finally share the write-up of our VMware Workstation escape from P2O Berlin 2025, featuring a generic bypass for Windows LFH mitigations using side-channels. I hope it will be as fun to read as it was to exploit! x.com/Synacktiv/status/20157…

At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller. Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit. 🔍 Full technical write-up 👇 synacktiv.com/en/publication…

Something big is coming... @Bug_Recon

In a normal world, this should be an immense scandal in Europe. Le Monde has a long article (lemonde.fr/international/art…) describing the hellish life of Nicolas Guillou, a French judge at the ICC in The Hague, due to U.S. sanctions punishing him for authorizing arrest warrants against Netanyahu and Gallant for war crimes in Gaza. Guillou's daily existence has been transformed into a Kafkaesque nightmare. He cannot: open or maintain accounts with Google, Amazon, Apple, or any US company; make hotel reservations (Expedia canceled his booking in France hours after he made it); conduct online commerce, since he can't know if the packaging is American; use any major credit card (Visa, Mastercard, Amex are all American); access normal banking services, even with non-American banks, as banks worldwide close sanctioned accounts; conduct virtually any financial transaction. He describes it as being "economically banned across most of the planet," including in his own country, France, and where he works, the Netherlands. That's the real shocking aspect of this: the Americans are: - punishing a European citizen - for doing his job in Europe - applying laws Europe officially supports - at an institution based in Europe - that Europe helped create and fund and Europe is not only doing essentially nothing to protect him, they're actively enforcing America's sanctions against their own citizen - European banks closing his accounts, European companies refusing him service, European institutions standing by while Washington destroys a European judge's life on European soil. Again, in a normal world, European leaders and citizens should be absolutely outraged about this. But we've so normalized the hollowing out of European sovereignty that the sight of a European citizen being economically executed on European soil for upholding European law is treated, at best, as an unfortunate technical complication in transatlantic relations.

Watch how reflection attacks are still a thing in 2025 on the livestream where @yaumn_ and I will present how we discovered and analyzed CVE-2025-33073 !

That's a wrap for Hexacon 2025! We hope that you've enjoyed the event at least as much as we did 🤩 Please take a moment to fill out our satisfaction survey and help us make Hexacon 2026 even better 🔥 Thank you for trusting us year after year 🙏

The web is a prime target for attackers. Want to refine your intrusion methods? Join our ‘Attacking Web Applications’ training course from 17 to 21 November! ▪️ 5 days of expertise ▪️ 35 hours of lessons, more than 30 exercises ▪️ Java, PHP, Python, ASP.NET... Information & registration via 👇 synacktiv.com/en/offers/trai…

Hello ! Rendez-vous ce lundi 29/09 pour le meetup de septembre ! 👾 On parlera CTI avec @4rchib4ld Au programme : - Iranian APT tracking 📍Boulangerie Bar - 29/09 à partir de 19h (Salle du bas) #Lille #Cyber #infosec

Bonjour je tente le tout pour le tout ici on sait jamais. Ma copine recherche un job en consultant GRC à Rennes ou aux alentours. Elle a une bonne expérience et elle vient de finir ses études en alternance. Elle a trouvé un CDI à Paris mais elle tient vraiment à rester à Rennes.

🧑‍🎓 Boost your offensive Active Directory skills with our Entry & Advanced trainings. Hands-on labs with dozens of machines latest research from DEFCON, x33fcon & more! Seats are limited, don’t miss out! 🔗 Entry: synacktiv.com/en/offers/trai… 🔗 Advanced: synacktiv.com/en/offers/trai…

@Formation_bzh annule à J-15 la 1re année BTS SIO SLAM (11 admissibles). Une honte ! Pour les jeunes : nouvelle école à trouver, alternance, logements... Traitement inhumain de ses jeunes considérés comme des lignes d'un tableau excel. On attend des réponses. #ESNA #UIMM

Imagine having the master key to a building: that’s what the APP_KEY is for Laravel app. With it, an attacker can craft a payload that Livewire doesn’t see as harmful. Join @_remsio_ & @_Worty at #NullconBerlin2025 Know More: nullcon.net/berlin-2025/spea… #Laravel #APP_KEY

iOS for Security Engineers by Quentin Meffre (@0xdagger) & Etienne Helluy-Lafont hexacon.fr/trainer/meffre_he…

Le workshop active directory c’est ce soir 21h zone 2 room 2 à #leHack ! 2 domaines vous attendent sous le thème Star Wars 😁

☁️ Already wrapping up our 3-day offensive Azure training at #x33fcon! Huge thanks to the x33fcon team for hosting us, and to all our amazing students for their energy, curiosity, and sharp questions throughout the session. Now it’s time to switch gears — conference mode on! 🎤