So proud to talk for the first time at @offensive_con about how fun it is to escape the Safari sandbox!

We really should be talking about this more....KASLR is just not working properly on Android right now, and it hasn't for a long time. https://t.co/AE0vBXEcob

A look back at our ninjas' first day at @Hexacon! We are proud of our experts Quentin and Etienne, who are leading the ‘iOS for Security Engineers’ training course. At the same time, Matthieu and Paul are hard at work on the ‘Azure intrusion for red teamers’ training course!

Writeup for CVE-2025-24085, an ITW mediaplaybackd vulnerability patched earlier this year

MTE in libPas 👀

That time when @tehjh was just reviewing a new Linux kernel feature, found a security vuln, then went on a journey to see if he could exploit it from inside the Chrome Linux Desktop renderer sandbox (spoiler: very yes) https://t.co/Atc6toEdAj

We dissect a DFG compiler bug we discovered in Safari/WebKit. This post covers root cause, impact, and technical analysis: https://t.co/Q4IOsQ9dP8 #WebKit #VulnerabilityResearch #ExploitDev #Safari #CyberSecurity #ExodusIntel

Not their best picture but definitely THE best hands-on iOS training! Come and see for yourself how Etienne and Quentin master iOS! ⚠️ Warning, risk of massive skills overflow ⚠️

🚨 Still a few seats left for our iOS for Security Engineers training at #HEXACON2025! 4‑day hands-on labs to explore the iOS ecosystem and prepare for vulnerability research. 📍 Paris, Oct 6‑9 ➡️

If you are planning to learn about iOS, don't miss this training. Quentin and Etienne are exceptional researchers. No CVE ≠ no 0-days 😉😇

It's never too late to start vulnerability research on iOS! Our training has been made by experienced iOS security researchers for newcomers in the iOS area who want to start developing "extremely sophisticated attacks"! :-)

Interesting WebContent PAC bypass

Don't miss our 2 trainings 😉 🍎 iOS for Security Engineers ☁️ Azure intrusion for red teamers

Just wrapped up two fantastic training sessions at #Hexacon! A big thank you to everyone who joined us for our deep dives into Active Directory/Azure and iOS internals. It was great to share knowledge and learn together!

Escaping the Safari Sandbox: A tour of WebKit IPC #MobileSecurity #iOSsecurity [SLIDES] by @Synacktiv https://t.co/cSnAac9Kee

Half the tickets already sold! Checkout our four-day trainings on advanced AD and Azure exploitation and iOS internals at Hexacon in Paris this year (Sept 30th - Oct 3rd): 🌐 https://t.co/33oRFOFgmh 🍎

iOS is being touted as the "most secure OS", but is this claim substancial? Discover the many security features implemented by Apple with "iOS for Security Engineers" training: ➡️ https://t.co/o0ulZWXILO 📆 30/09-03/10 2024 📍Espace Vinci, Rue des Jeuneurs, Paris

A few tickets for #HEXACON2024 are still on sale, don't miss them! Register for our top-notch trainings and learn from the best in the industry 🎓 https://t.co/vZUo5mOvyw

#OffensiveCon24 videos are now up!

WebKit developpers are always Faster Than Light 🙂

Slides of my @offensive_con talk are available: