Synacktiv

Pour les #toulousains, prochain Bière&Sécu 📅 le jeudi 28 novembre 🚩 bar le LevЯette café à partir de 18h30 Merci de vous inscrire sur le framadate : https://lnkd.in/ekHQnmfN

Earlier this year, during the security audit of a SAP infrastructure, our expert Julien EGLOFF discovered a new vulnerability in a SAP component, that allowed us to escalate privileges on the operating system hosting the SAP services and extend the compromise towards further assets. This vulnerability was reported to SAP and the security note 3438085 was released a few weeks ago to patch it. This vulnerability underscores the importance of securing SAP environments to protect critical business operations. Read the technical advisory here: https://lnkd.in/eBseFcTB

Right before Pwn2Own Ireland 2024, Baptiste MOINE found a vulnerability in Synology TC500 & BC500 security cameras, allowing him to perform a remote code execution. Synology patched it in version 1.1.3-0442, securing the devices in time for the competition. Update your devices! https://lnkd.in/eWEctv3B

Le pôle #reverse de Synacktiv vient de publier une offre de #stage 2024/2025 💡mentionner dans votre candidature : pseudo sur les plateformes (root-me, HTB; etc), projets personnels techniques, vos motivations 🧠 étudiant en fin d'étude 📅 6 mois 📍#Paris, #Toulouse, #Rennes, #Lille et #Lyon Pour postuler : apply+reverse@synacktiv.com A bientôt

Thank you Yann F. for the feedback! Looking for an offensive training for the end of the year? Come and get trained by our best ninjas during our last 2024 sessions (French): 🖥️ Nov 4: Advanced Active Directory exploitation 🌐 Dec 16: Cloud exploitation (GCP, AWS, Azure and Kubernetes) These 5-day sessions will take place in our Parisian offices and include several labs with ranging difficulty levels. All commodities are also included: lunch, laptops and goodies! Details here: https://lnkd.in/etkNHxsC Register at trainings@synacktiv.com and stay tuned for the 2025 sessions coming soon!

Bitwarden is a popular password managing software. Being open-source, it offers self-hosting capabilities with ease of use in a controlled office or home environment. Our ninja Noam Leipold explored Bitwarden server storage mechanisms looking for spicy forensic data. Read our latest blogpost to understand how Bitwarden works and decrease the time between a breach and a completed analysis: https://lnkd.in/e7yGTFZM

Episode 3 of our "Quantum Readiness" series of blog posts is out! This latest article written by 0poss aims at giving a rough introduction to lattices in the context of cryptography. https://lnkd.in/excvcpz8

What a team! We're so proud to have Guillaume Chaudon, Julien CLEMENT and Paul Viel qualified for #ECSC2024 with #TeamFrance 💪

We have just published our security advisory for a vulnerability (CVE-2024-47910) discovered earlier this year by Clément A. and ☀️ Hugo Vincent in SonarQube. This flaw was exploited during our red team assessment on the #Paris2024 infrastructure, where it escalated from a weak password on the admin interface to a full GitHub organization takeover! Read about it here: https://lnkd.in/eKbWX5HD If you want to find out more about this engagement, come and join us at our talk at Les Assises on Wed 9th Oct. at 16h, in collaboration with Paris 2024 and Eviden!

So nice to meet you at our booth 😊 #HEXACON2024