🔥 Excited to announce our keynote!
We are thrilled to welcome Bruce Dang (@brucedang) and Thai Duong (@XorNinja) from @calif_io! With all their recent AI buzz, we had to check they aren't just LLMs in a trench coat. 🤖🧥
🎟️ Ticketing opens this Thursday at 2:00 PM CEST ⏰
Proud to finally share the write-up of our VMware Workstation escape from P2O Berlin 2025, featuring a generic bypass for Windows LFH mitigations using side-channels.
I hope it will be as fun to read as it was to exploit!
x.com/Synacktiv/status/20157…
At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller.
Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit.
🔍 Full technical write-up 👇
synacktiv.com/en/publication…
Confirmed! Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv (@Synacktiv) used a heap-based buffer overflow to exploit #VMware Workstation. They earn $80,000 and 8 Master of Pwn points - sending the contest to over $1,000,000 total! #Pwn2Own
Boom! Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv (@Synacktiv) close out #Pwn2Own in style with a guest-to-host escape in VMware Workstation. If confirmed, it will put the total contest payout at over $1,000,000! #Pwn2Own
A successful collision! Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics used 2 bugs to exploit ESXi, but the Use of Uninitialized Variable bug collided with a prior entry. His integer overflow was unique though, so he still earns $112,500 & 11.5 Master of Pwn points. #Pwn2Own
In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. @0xf4b took a long journey down a rabbit hole to understand its root cause.
synacktiv.com/en/publication…
I've published the repo for Byepervisor (we love named vulns out here). Contains exploit implementation for two PS5 hypervisor bugs for 2.xx and lower. Slides from the talk vod should hopefully be published soon.
github.com/PS5Dev/Byeperviso…
Feels great when an idea can finally be tested and works out after like a year :)
Shouts to ChendoChap for working out the ROP chain. Protip: staying < 3.00 is a good idea.
The program for @GrehackConf is out with 3 Synacktiv talks!
🖥️ Virtualization from an attacker Point-Of-View: @OnlyTheDuck & @MajorTomSec
🚘 Unlocking the Drive: Exploiting Tesla Model 3: @_p0ly_ & @vdehors
🐧 Ubuntu Shiftfs: Unbalanced Unlock Exploitation Attempt: @jbcayrou
Hey folks!
We're excited to present the #GreHack23 program. You can now consult it on our website: grehack.fr/program
The first batch of tickets (including workshop & CTF) will be available on October 1, 2023 at 10:00am (UTC+2).
As announced at #FIC, @Synacktiv is opening a new office in the center of #lille with a team of 7 ninjas.
All our positions are now open in Lille 📍7 Boulevard Louis XIV.
If you want to join us: apply@synacktiv.com
📦 Breaking Out of the Box: Technical analysis of VirtualBox VM escape with Windows LPE, by Thomas Bouzerar (@MajorTomSec) and Thomas Imbert (@masthoon)