make prs, not war Reading time ~8 min... 2024-7-8 20:37:28 | 阅读: 16 | 收藏 | Orange Cyberdefense - sensepost.com heart symbolism symbolise rooted

Dumping LSA secrets: a story about task decorrelation While doing an internal assessment, I was able to compromise multiple computers and servers b... 2024-7-4 01:7:10 | 阅读: 32 | 收藏 | Orange Cyberdefense - sensepost.com lsa hives security secretsdump hivetest

From a GLPI patch bypass to RCE IntroductionGLPI is a popular software used by companies, mainly in France. GLPI is usual... 2024-6-20 18:4:24 | 阅读: 22 | 收藏 | Orange Cyberdefense - sensepost.com glpi php injection database proxy

Targeting an industrial protocol gateway Inside industrial systems (also known as Operational Technology, or OT), devices communicate... 2024-5-30 19:19:55 | 阅读: 17 | 收藏 | Orange Cyberdefense - sensepost.com network hms 7412 hicp

Guest vs Null session on Windows If you have been doing internal assessments on Active Directory infrastructure you may have h... 2024-4-19 03:12:5 | 阅读: 21 | 收藏 | Orange Cyberdefense - sensepost.com netexec anonymous poetry windows

From Discovery to Disclosure: ReCrystallize Server Vulnerabilities TL&DR – While on an assessment, I found an instance of ReCrystallize Server. It had many prob... 2024-3-22 15:47:2 | 阅读: 5 | 收藏 | Orange Cyberdefense - sensepost.com software client

Mail in the Middle – A tool to automate spear phishing campaigns ContextIn the chilly month of December 2023, my colleagues Jason (@BreakerOfSigns), Szymo... 2024-2-26 22:32:27 | 阅读: 17 | 收藏 | Orange Cyberdefense - sensepost.com attacker maitm typo phishing recipient

Deck of Cards CTF I created a small crypto style CTF for Black Hat last year (we’re training again this year, c... 2024-2-19 18:39:21 | 阅读: 8 | 收藏 | Orange Cyberdefense - sensepost.com phi exponent modulus inverse khan

Serial PitM Sometimes you need to get in the way of a hardware device and its controller, and see what it... 2024-2-6 23:4:48 | 阅读: 21 | 收藏 | Orange Cyberdefense - sensepost.com socat uart dongle pins baud

Sensecon 23: from Windows drivers to an almost fully working EDR TL;DR I wanted to better understand EDR’s so I built a dummy EDR and talk about it here.... 2024-1-31 16:33:14 | 阅读: 15 | 收藏 | Orange Cyberdefense - sensepost.com mydumbedr dpfltr windows dbgprintex

your contributions, today Reading time ~1 min... 2023-12-20 15:14:53 | 阅读: 23 | 收藏 | Orange Cyberdefense - sensepost.com jacobs dear heart security

Why defend harder won’t work in the long run and what to do instead – arrest criminals Reading time... 2023-12-12 19:21:56 | 阅读: 19 | 收藏 | Orange Cyberdefense - sensepost.com security worthwhile competitive convincing founded

we’re going to bsides cape town 2023 Reading time ~3 min... 2023-11-28 15:17:3 | 阅读: 12 | 收藏 | Orange Cyberdefense - sensepost.com machine talks town cape bsides

Black Hat Card Deck CTF In 2023 we, the training team within Orange Cyberdefense and specifically Ulrich Swart, Matth... 2023-10-31 15:10:26 | 阅读: 1 | 收藏 | Orange Cyberdefense - sensepost.com phi exponent modulus easter chatgpt

P4wnP1 LTE updates After publishing my blog post about running P4wnP1 on an LTE modem, where I explained how to... 2023-10-27 23:12:27 | 阅读: 16 | 收藏 | Orange Cyberdefense - sensepost.com p4wnp1 lte mtu ssh wireguard

Reading Large Files and Perf Reading time ~4 min... 2023-9-19 16:8:18 | 阅读: 13 | 收藏 | Orange Cyberdefense - sensepost.com vanilla seeks buffered memory efficiently

Dress Code – The Talk TL;DR This post is a summary of the contents of my talk in Defcon 31 AppSec Village last... 2023-8-24 00:29:5 | 阅读: 65 | 收藏 | Orange Cyberdefense - sensepost.com attacker facebook directive hotjar security

Filter-Mute Operation: Investigating EDR Internal Communication For our annual internal hacker conference dubbed SenseCon in 2023, I decided to take a look a... 2023-7-28 22:38:54 | 阅读: 12 | 收藏 | Orange Cyberdefense - sensepost.com windows fltmgr memory security

Orange Cyberdefense at Hacker Summer Camp Reading time ~3 min... 2023-7-17 23:55:3 | 阅读: 12 | 收藏 | Orange Cyberdefense - sensepost.com presenting 5th thomas felipe saturday

Browsers’ cache smuggling On red team engagements, I often use social engineering to get one of my client’s employees t... 2023-7-10 16:33:20 | 阅读: 28 | 收藏 | Orange Cyberdefense - sensepost.com powershell payload chrome windows download