Publications

macOS XPC Exploitation - Sandbox Share case study

mer 08/09/2021 - 12:59 Usually we don't do blog posts about CTF challenges but we recently stumbled across a challenge that was a good opportunity to talk about several macOS/iOS internals, security mechanisms and exploit methods...

HTB Business CTF Write-ups

lun 02/08/2021 - 13:01 Synacktiv participated in the first edition of the HackTheBox Business CTF, which took place from the 23rd to the 25th of July. The event included multiple categories: pwn, crypto, reverse, forensic, cloud, web and fullpwn (standard HTB boxes). We managed to get 2nd place after a fierce competition. We had quite a lot of fun so we decided to publish write-ups of the most interesting challenges we solved.

RM -RF IS THE ROOT OF ALL EVIL

jeu 27/05/2021 - 16:00 There are some days where things do not go your way. And there are some other days where they go catastrophically wrong. Several months ago, I had the unfortunate experience of wiping 2 years of my work. This blogpost explains why this tragedy happened and what I did to recover some critical data from the ashes of my SSD.

Izi Izi, Pwn2Own ICS Miami

mar 28/07/2020 - 14:36 ZDI announced last year a new entry in it's yearly contest "Pwn2Own". After the Vancouver edition focused on Desktop software and Tokyo specialized in smartphones, there is now a third location in Miami dedicated to industrial software also known as ICS or SCADA.

SharkyCTF - EZDump writeups / Linux Forensics introduction

mar 12/05/2020 - 12:40 This weekend was held the Sharky CTF, organized by students of ENSIBS. A series of 7 forensic challenges concerning a same machine memory dump was proposed. They make a great introduction to memory forensic in Linux, from the creation of a specific Volatility profile, to the reverse engineering of a rootkit installed on the machine. Stay sit, here is the writeup!

Advent ctf 2019 overthewire - day2 writeup

dim 05/01/2020 - 12:12 The advent ctf organized by overthewire proposed various challenges that would unlock on a daily basis (like an advent calendar). I found day number 2 (made by hpmv) quite challenging and super fun to solve! It involved crypto, network and rev in a blackbox environment. The full source code used to solve this challenge is available here https://github.com/majin42/adventctf_otw_day2

FIC2020 prequals CTF write-up

jeu 19/12/2019 - 11:30 We took part to FIC2020's prequals CTF, organized by the French team Hexpresso with a team made of @dzeta, @laxa, @swapgs and @us3r777. We managed to finish second, so here is our writeup!

BFS 2019 Exploitation Challenge

mar 17/09/2019 - 16:35 On September 7th, 2019, BFS published an exploitation challenge on Windows 10 x64 to win an entry for the BFS-IOACTIVE party during the Ekoparty conference. This blogpost aims at describing a successful resolution of the challenge.

2019 summer challenge writeup

mar 30/07/2019 - 10:39 The 2019 summer challenge is now closed! This was a bit of a departure from the usual hardened binaries, as it showcased a programming model that is not a distant relative of the Turing machine. This article will give a high level overview of the challenge's solution, and some behind-the scenes comments.

2019 summer challenge: Alonzo!

mar 18/06/2019 - 10:37 The Synacktiv summer challenge is back!