See you at @Milipol_Paris 2025 👋 📅 November 18-21, 2025 📍 Paris Nord Villepinte - Hall 4, Stand H063 (Forensic Zone) Meet our experts on site and discover how #REVEL·IO improves the efficiency and reliability of digital investigations 🔗 https://t.co/uwas6u5ntT

📢 NTLM reflection is dead, long live NTLM reflection: Story of an accidental Windows RCE by Wil (@wil_fri3d)

🔥 A few hours ago our experts took the stage at #DEFCON33, sharing cutting-edge research on SCCM exploitation and modern GPO attacks in Active Directory. Proud of the team! 🙌 cc @kalimer0x00 @quent0x1 @wil_fri3d

That's a wrap on our Azure Intrusion for Red Teamers training at #BHUSA! 4 intense days from zero to Global Admin via Entra ID, M365, resources, DevOps, Intune & more 🔥 Huge thanks to all our participants and next stop: #HEXACON2025, Paris, Oct 6 🇫🇷

Not their best picture but definitely THE best hands-on iOS training! Come and see for yourself how Etienne and Quentin master iOS! ⚠️ Warning, risk of massive skills overflow ⚠️

🚨 Still a few seats left for our iOS for Security Engineers training at #HEXACON2025! 4‑day hands-on labs to explore the iOS ecosystem and prepare for vulnerability research. 📍 Paris, Oct 6‑9 ➡️

Ever thought your kitchen appliance could harbor a persistent threat? We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass. Discover our step-by-step breakdown! https://t.co/qDSoMYdHUK

While performing security research on IoT control applications, @Areizen_ and @Anatharrr discovered critical vulnerabilities in the mobile app for the Eachine E58 drone. These flaws could potentially lead to remote code execution on the user's smartphone. https://t.co/pQNDWr5QPJ

🚨 Still a few days to register for our Azure Intrusion for Red Teamers training at #BHUSA! Very hands-on, full kill chain from zero to Global Admin with stealth in mind. Secure your seat now! https://t.co/dvzRKQGUv9

If you are planning to learn about iOS, don't miss this training. Quentin and Etienne are exceptional researchers. No CVE ≠ no 0-days 😉😇

The "Objective-C helper" IDA plugin presented during the @sth4ck talk "Demystifying Objective-C internals" given by @v1csec is now publicly available on GitHub at https://t.co/XVmzIkYwn6 The slides are also available on our website:

Here we are! Come by our booth and say hi 😀 #OffensiveCon

Don't miss our 2 trainings 😉 🍎 iOS for Security Engineers ☁️ Azure intrusion for red teamers

In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. @0xf4b took a long journey down a rabbit hole to understand its root cause. https://t.co/q03QTtw373

PagedOut! #6 magazine is out! This edition features two articles from our ninjas: - Implicit Unicode behaviors in database string functions - Calling Rust from Python: A story of bindings Dive into their insights here:

Hunters International RaaS group has claimed 280+ victims since Oct 2023. Check out our latest blog post on the TTPs they use, including SMOKEDHAM malvertising & ESXi ransomware with advanced obfuscation. #RaaS #CyberSecurity #ThreatAnalysis https://t.co/uKTXH6lxog

Save the date, la seconde édition de #WineRump aura lieu: 🗓️ le vendredi 26/09/2025 📍à Bordeaux #WineRump c'est une conférence de cybersécurité avec des rumps, du vin et du jus de raisin dans une guinguette

The 2025 training season is here! 🚀 Join our best ninjas for 5-day sessions on pentesting, reverse-engineering, and forensics (in French). Check out all the dates and topics on our website:

Better late than never... My Hexacon 2023 slides for "Finding and Exploiting an Old XNU Logic Bug" and the exploit code (WITH THE ANIMATED ASCII ART 🥷🔪🍎!!!) are up https://t.co/Z3ktOkj6Gi /

Octoscan, our GitHub actions vulnerability scanner, is now available as a GitHub action! It will find vulnerabilities in new commits and pull requests, and upload it to GitHub as it now supports the SARIF file format! https://t.co/lEcnccw8H3