Publications

What could go wrong when MySQL strict SQL mode is off?

02/10/2025
Pentest
This article shows some examples of attacks that can abuse MySQL behavior when the strict SQL mode is disabled, especially when string characters are invalid in the current encoding. This happens when the encoding of the application (e.g. UTF-8) is wider than that of the database (e.g. ASCII).

Quantum readiness: Hybridizing signatures

29/09/2025
Cryptography
In light of new legal requirements being enacted in many countries for software providers to adopt hybrid post-quantum cryptography, Synacktiv has initiated research into these novel cryptographic algorithms. After having studied what makes post-quantum cryptography “post-quantum” in the previous articles, we now dissect the concept of hybridization, a vital mechanism for a safe transition. This first article focuses on hybridizing signature schemes, while a follow-up one will tackle key exchanges.

appledb_rs, a research support tool for Apple platforms

25/09/2025
Development
Tools
Over the years, research on Apple platforms has become significantly more complex, largely due to the numerous countermeasures deployed by the Cupertino company. To address this challenge during our missions on these platforms, we developed appledb_rs: an open-source tool (https://github.com/synacktiv/appledb_rs) that extracts data from IPSW files (archives containing Apple firmware) and organizes it in a structured way, facilitating exploration and analysis.

The Phantom Extension: Backdooring chrome through uncharted pathways

23/09/2025
Pentest
The increasing hardening of traditional Windows components such as LSASS has pushed attackers to explore alternative entry points. Among these, web browsers have emerged as highly valuable targets since they are now the primary gateway to sensitive data and enterprise cloud services. Numerous secrets, including tokens and credentials, flow through browsers, and their compromise can provide attackers with extensive access across an organization. This article presents a little-known technique for compromising Chromium-based browsers wi...

Exploring GrapheneOS secure allocator: Hardened Malloc

22/09/2025
Exploit
Systems
Reverse-engineering
GrapheneOS is a mobile operating system based on Android and focused on privacy and security. To further enhance the security of their product, GrapheneOS developers introduced a new libc allocator: hardened malloc. This allocator has a security-focused design intended to protect processes against common memory corruption vulnerabilities. This article explains its internal architecture in detail and how its security mitigations are implemented, from a security researcher's point of view.

Dissecting DCOM part 1

15/09/2025
Pentest
This is the first article in the "Dissecting DCOM" series. It aims at giving an introduction to the base principles of the COM and DCOM protocols as well as a detailed network analysis of DCOM. No previous knowledge is required. The following articles will dig into the authorization and enumeration mechanisms of COM/DCOM. This article series aims to gather existing knowledge about DCOM so that readers have the necessary tools for vulnerability research on DCOM.

2025 summer challenge writeup

12/09/2025
Challenges
Last month we organised the Synacktiv Summer Challenge 2025, an event featuring an original challenge based on Podman archive formats. Many of you spent several hours working on it: we received over thirty attempts! This article presents and explains in detail the different steps involved in designing an optimal solution.

Should you trust your zero trust? Bypassing Zscaler posture checks

08/08/2025
Pentest
Zscaler is widely used to enforce zero trust principles by verifying device posture before granting access to internal resources. These checks are meant to provide an additional layer of security beyond credentials and MFA. In this blogpost, we present a vulnerability that allowed us to bypass Zscaler’s posture verification mechanism. Although the issue has been patched for quite some time now, we observed it still being exploitable in several environments during recent engagements. This post details the configuration of the Zscaler c...

2025 Summer Challenge: OCInception

31/07/2025
Challenges
The last Synacktiv summer challenge was in 2019, and after 6 years, it's back. Send us your solution before the end of August, there are skills to learn and prizes to win! This challenge is inspired by code golfing, where the goal is to produce the smallest program implementing a feature. But this time, it will be about creating the smallest self-replicating Podman image archive...