laxa
@l4x4
Followers
689
Following
366
Media
10
Statuses
606
RT @Synacktiv: 🚨 Still a few days to register for our Azure Intrusion for Red Teamers training at #BHUSA! Very hands-on, full kill chain fr….
0
18
0
RT @Synacktiv: 🚗🔌 We reverse engineered the Tesla Wall Connector and uncovered a previously undocumented attack surface via the charging ca….
0
46
0
You can read the technical details of an authentication bypass I discovered with my colleague @alexisdanizan on SAP FC.
While performing penetration tests on SAP Financial Consolidation, our ninjas @l4x4 and @alexisdanizan discovered an authentication bypass for local accounts including the built-in ADMIN account, leading to the underlying system compromise:
0
1
12
RT @Synacktiv: Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromi….
0
263
0
RT @hexacon_fr: 🚨 Conference tickets will be on sale next Monday (4PM UTC+2)!. 🎫 Standard price: 1320€.🎟 Reduced price: 660€*. *Reduced pri….
0
12
0
RT @Synacktiv: For the second year in a row, we managed to get first place at the #HackTheBox Business #CTF 2025! 🥇 Congratulations to @gmo….
0
24
0
RT @Synacktiv: Last chance to grab early bird tickets for our Azure Intrusion training at #BHUSA 2025! Join us in Las Vegas for 100% offens….
0
7
0
RT @Synacktiv: Want to master cutting-edge techniques for attacking Azure? Join us this summer at @BlackHatEvents in Vegas for a deep dive….
0
8
0
RT @Synacktiv: In our latest article, @croco_byte and @SScaum demonstrate a trick allowing to make Windows SMB clients fall back to WebDav….
0
95
0
Thanks to a great discovery of @yaumn_, I developed and modified a PR on impacket to enhance secrets extractions while lowering the detection rate. Read more in the detailed blogpost.
In our latest article, @l4x4 revisits the secretsdump implementation, offering an alternative avoiding reg save and eliminates writing files to disk, significantly reducing the likelihood of triggering security alerts. Read the details at
1
22
87
RT @Synacktiv: Exciting news, our Offensive Azure training has been accepted at #x33fcon! 🥳 Can’t wait to see you there and dive into the l….
0
7
0
RT @Synacktiv: In our latest article, @croco_byte proposes an implementation of a trick discovered by James Forshaw in his research. Discov….
0
92
0
RT @Synacktiv: A few months ago, Microsoft released a critical patch for CVE-2024-43468, an unauthenticated SQL injection vulnerability in….
0
64
0
Anyone successfully authenticated using a certificate with Client Authentication, no SAN and the CN=computer.domain.tld within an Active Directory environment?.
0
1
3
RT @Synacktiv: Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏.Check out our latest blogpost by @hugow_vincent to disco….
0
144
0
Read technical details about a LPE I discovered in early 2024 coming from a SUID binary discovered without using any decompiler in
1
34
116
RT @Synacktiv: WHFB on an Entra ID enrolled laptop? Dig with @___t0___ ,@yofbalibump and @netsecurity1 on the cache mechanisms in place !.h….
0
29
0
RT @hexacon_fr: Ticket sales for #HEXACON2024 are now OPEN!. 📆 4th & 5th of October 2024.🎫 Standard price: 1210€.🎟 Reduced price: 660€. htt….
0
18
0
RT @Synacktiv: Our ninjas @bak_sec and @Karion_ are on stage at @sth4ck to talk about Autel chargers pwning ⚡
0
10
0