Mehdi Talbi
@mtalbi.bsky.social
Reposted by Mehdi Talbi
A big shout-out to the #Synacktiv team for their strong performance at the latest #Pwn2Own competition in Cork!
They proudly secured third place overall 👏
Next stop: Tokyo for the upcoming edition 🇯🇵 👀
More details on the targets and participants here ℹ️
www.zerodayinitiative.com/blog/2025/20...
They proudly secured third place overall 👏
Next stop: Tokyo for the upcoming edition 🇯🇵 👀
More details on the targets and participants here ℹ️
www.zerodayinitiative.com/blog/2025/20...
October 31, 2025 at 3:54 PM
A big shout-out to the #Synacktiv team for their strong performance at the latest #Pwn2Own competition in Cork!
They proudly secured third place overall 👏
Next stop: Tokyo for the upcoming edition 🇯🇵 👀
More details on the targets and participants here ℹ️
www.zerodayinitiative.com/blog/2025/20...
They proudly secured third place overall 👏
Next stop: Tokyo for the upcoming edition 🇯🇵 👀
More details on the targets and participants here ℹ️
www.zerodayinitiative.com/blog/2025/20...
Reposted by Mehdi Talbi
Following their presentation at @hexacon.bsky.social, @mtalbi.bsky.social & Etienne detail how they exploited CVE-2023-40129, a critical vulnerability affecting the Bluetooth stack in Android ⬇️
www.synacktiv.com/en/publicati...
www.synacktiv.com/en/publicati...
Paint it blue: Attacking the bluetooth stack
Paint it blue: Attacking the bluetooth stack
www.synacktiv.com
October 27, 2025 at 4:02 PM
Following their presentation at @hexacon.bsky.social, @mtalbi.bsky.social & Etienne detail how they exploited CVE-2023-40129, a critical vulnerability affecting the Bluetooth stack in Android ⬇️
www.synacktiv.com/en/publicati...
www.synacktiv.com/en/publicati...
Confirmed! David Berard of @synacktiv.com used a pair of bugs to exploit the Ubiquiti AI Pro in the Surveillance Systems category. The impressive display (incl. a round of Baby Shark) earns him $30,000 and 3 Master of Pwn Points. #Pwn2Own
October 23, 2025 at 3:44 PM
Reposted by Mehdi Talbi
Confirmed! David Berard of @synacktiv.com used a pair of bugs to exploit the Ubiquiti AI Pro in the Surveillance Systems category. The impressive display (incl. a round of Baby Shark) earns him $30,000 and 3 Master of Pwn Points. #Pwn2Own
October 23, 2025 at 1:31 PM
Confirmed! David Berard of @synacktiv.com used a pair of bugs to exploit the Ubiquiti AI Pro in the Surveillance Systems category. The impressive display (incl. a round of Baby Shark) earns him $30,000 and 3 Master of Pwn Points. #Pwn2Own
Reposted by Mehdi Talbi
🎥 Eyes wide shut! David Berard of @synacktiv.com just breached the @Ubiquiti AI Pro surveillance system at #Pwn2Own. He also serenaded us with round of "Baby Shark" played through the speaker. He's off to the disclosure room with an ear worm and the details.
October 23, 2025 at 11:10 AM
🎥 Eyes wide shut! David Berard of @synacktiv.com just breached the @Ubiquiti AI Pro surveillance system at #Pwn2Own. He also serenaded us with round of "Baby Shark" played through the speaker. He's off to the disclosure room with an ear worm and the details.
Reposted by Mehdi Talbi
Confirmed! The team from @synacktiv.com used a buffer overflow to exploit the Phillips Hue Bridge. Their unique bug earns them $20,000 and 4 Master of Pwn points. #Pwn2Own
October 22, 2025 at 5:11 PM
Confirmed! The team from @synacktiv.com used a buffer overflow to exploit the Phillips Hue Bridge. Their unique bug earns them $20,000 and 4 Master of Pwn points. #Pwn2Own
Reposted by Mehdi Talbi
Congrats to tek and anyfun for landing the first successful entry at #Pwn2OwnCork - exploiting a stack overflow on Synology BeeStation Plus for $40,000 and 4 Master of Pwn points in the process 💥
Let’s keep pushing 💪
#P2OIreland #Synacktiv
Let’s keep pushing 💪
#P2OIreland #Synacktiv
October 21, 2025 at 3:32 PM
Congrats to tek and anyfun for landing the first successful entry at #Pwn2OwnCork - exploiting a stack overflow on Synology BeeStation Plus for $40,000 and 4 Master of Pwn points in the process 💥
Let’s keep pushing 💪
#P2OIreland #Synacktiv
Let’s keep pushing 💪
#P2OIreland #Synacktiv
Reposted by Mehdi Talbi
Impressive work from our team today at #Pwn2Own!
@mtalbi.bsky.social and Matthieu just pulled off an exploit on the Philips Hue Bridge without laying a finger on the device!
Great demonstration of Synacktiv’s offensive expertise 👏
Come on 🔥
@mtalbi.bsky.social and Matthieu just pulled off an exploit on the Philips Hue Bridge without laying a finger on the device!
Great demonstration of Synacktiv’s offensive expertise 👏
Come on 🔥
October 22, 2025 at 3:36 PM
Impressive work from our team today at #Pwn2Own!
@mtalbi.bsky.social and Matthieu just pulled off an exploit on the Philips Hue Bridge without laying a finger on the device!
Great demonstration of Synacktiv’s offensive expertise 👏
Come on 🔥
@mtalbi.bsky.social and Matthieu just pulled off an exploit on the Philips Hue Bridge without laying a finger on the device!
Great demonstration of Synacktiv’s offensive expertise 👏
Come on 🔥
Reposted by Mehdi Talbi
📢"Paint it Blue: Attacking the Bluetooth stack" by Mehdi Talbi and Etienne Helluy-Lafont
October 3, 2025 at 3:58 PM
📢"Paint it Blue: Attacking the Bluetooth stack" by Mehdi Talbi and Etienne Helluy-Lafont
Reposted by Mehdi Talbi
Aaaand the first talk to be announced is... 🥁
Exploiting the Undefined: PWNing Firefox by Settling its Promises by Tao Yan & Edouard Bochin
Exploiting the Undefined: PWNing Firefox by Settling its Promises by Tao Yan & Edouard Bochin
September 12, 2025 at 9:18 AM
Aaaand the first talk to be announced is... 🥁
Exploiting the Undefined: PWNing Firefox by Settling its Promises by Tao Yan & Edouard Bochin
Exploiting the Undefined: PWNing Firefox by Settling its Promises by Tao Yan & Edouard Bochin
Reposted by Mehdi Talbi
It's already #SSTIC2025 day 2! @remi-j.bsky.social and us3r present the Windows kernel shadow stack mitigation 🪟
June 5, 2025 at 9:08 AM
It's already #SSTIC2025 day 2! @remi-j.bsky.social and us3r present the Windows kernel shadow stack mitigation 🪟
Reposted by Mehdi Talbi
📢 Our Call For Papers is open until 14 July!
➡️ Details & benefits: www.hexacon.fr/conference/c...
Also, conference tickets will be on sale today at 4PM (UTC+2)
➡️ Details & benefits: www.hexacon.fr/conference/c...
Also, conference tickets will be on sale today at 4PM (UTC+2)
June 2, 2025 at 10:04 AM
📢 Our Call For Papers is open until 14 July!
➡️ Details & benefits: www.hexacon.fr/conference/c...
Also, conference tickets will be on sale today at 4PM (UTC+2)
➡️ Details & benefits: www.hexacon.fr/conference/c...
Also, conference tickets will be on sale today at 4PM (UTC+2)
Reposted by Mehdi Talbi
In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. @0xf4b.bsky.social took a long journey down a rabbit hole to understand its root cause.
www.synacktiv.com/en/publicati...
www.synacktiv.com/en/publicati...
iOS 18.4 - dlsym considered harmful
Observations We first observed the bug in a custom iOS application compiled for the arm64e architecture (thus supporting PAC instructions).
www.synacktiv.com
April 10, 2025 at 1:22 PM
In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. @0xf4b.bsky.social took a long journey down a rabbit hole to understand its root cause.
www.synacktiv.com/en/publicati...
www.synacktiv.com/en/publicati...
Reposted by Mehdi Talbi
Hackers rejoice!
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at phrack.org
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at phrack.org
.:: Phrack Magazine ::.
Phrack staff website.
phrack.org
February 15, 2025 at 3:02 PM
Hackers rejoice!
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at phrack.org
We are releasing the Phrack 71 PDF for you today!
Don't forget this year is Phrack's 40th anniversary release! Send in your contribution and be part of this historical issue!
The CFP is still open, you can find it and the PDF link at phrack.org
Reposted by Mehdi Talbi
Ten Years of Rowhammer: A Retrospect (and Path to the Future)
fahrplan.events.ccc.de/congress/202...
From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11
fahrplan.events.ccc.de/congress/202...
fahrplan.events.ccc.de/congress/202...
From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11
fahrplan.events.ccc.de/congress/202...
Ten Years of Rowhammer: A Retrospect (and Path to the Future) 38C3
The density of memory cells in modern DRAM is so high that disturbance errors, like the Rowhammer effect, have become quite frequent. An attacker can exploit Rowhammer to flip bits in inaccessible mem...
fahrplan.events.ccc.de
December 26, 2024 at 8:11 AM
Ten Years of Rowhammer: A Retrospect (and Path to the Future)
fahrplan.events.ccc.de/congress/202...
From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11
fahrplan.events.ccc.de/congress/202...
fahrplan.events.ccc.de/congress/202...
From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11
fahrplan.events.ccc.de/congress/202...
Reposted by Mehdi Talbi
We updated our CFP for Phrack 72! The deadline is now April 1st 2025. Check the site for specifics on how to contribute, as well as some inspiration! We also posted a link to purchase physical copies of Phrack 71, and a donation link too. Enjoy!
phrack.org
phrack.org
December 16, 2024 at 10:56 PM
We updated our CFP for Phrack 72! The deadline is now April 1st 2025. Check the site for specifics on how to contribute, as well as some inspiration! We also posted a link to purchase physical copies of Phrack 71, and a donation link too. Enjoy!
phrack.org
phrack.org