Filter-Mute Operation: Investigating EDR Internal Communication For our annual internal hacker conference dubbed SenseCon in 2023, I decided to take a look a... 2023-7-28 22:38:54 | 阅读: 21 | 收藏 | Orange Cyberdefense - sensepost.com windows fltmgr memory security

Orange Cyberdefense at Hacker Summer Camp Reading time ~3 min... 2023-7-17 23:55:3 | 阅读: 18 | 收藏 | Orange Cyberdefense - sensepost.com presenting 5th thomas felipe saturday

Browsers’ cache smuggling On red team engagements, I often use social engineering to get one of my client’s employees t... 2023-7-10 16:33:20 | 阅读: 35 | 收藏 | Orange Cyberdefense - sensepost.com powershell payload chrome windows download

P4wnP1-LTE I’ve written a couple of blog posts in the past in which I explain how to use Marcus Mengs’ t... 2023-7-10 02:6:49 | 阅读: 28 | 收藏 | Orange Cyberdefense - sensepost.com p4wnp1 lte modem deb firmware

select * from projectdiscovery join steampipe Recently, I decided to take a look at Steampipe again. I like SQL and the structure it provid... 2023-7-3 17:52:34 | 阅读: 17 | 收藏 | Orange Cyberdefense - sensepost.com reddit 151 steampipe alb

an offensive look at docker desktop extensions For our annual internal hacker conference dubbed SenseCon in 2023, I decided to take a quick... 2023-5-30 15:24:42 | 阅读: 58 | 收藏 | Orange Cyberdefense - sensepost.com ddclient containers client injection marketplace

Investigating the Wink Hub 2 Rogan brought half of his hardware parts bin to the hackathon!Michael Rodger, Daniel Scra... 2023-5-26 18:40:21 | 阅读: 21 | 收藏 | Orange Cyberdefense - sensepost.com wink uart ttl updater partitions

hash-cracker – password cracking done effectively IntroI wrote a tool to help with cracking of hashes, today I finally decided to blog abou... 2023-4-5 20:35:21 | 阅读: 26 | 收藏 | Orange Cyberdefense - sensepost.com cracker cracking passwords optimised github

Protected Users: you thought you were safe uh? On the 31st of October 2022, a PR on CrackMapExec from Thomas Seigneuret (@Zblurx) was merged... 2023-3-31 14:3:38 | 阅读: 21 | 收藏 | Orange Cyberdefense - sensepost.com delegation whiteflag rid500 security

From BitLocker-Suspended to Virtual Machine On a recent red-team I was given a client laptop from which I was expected to simulate an ins... 2023-3-29 02:6:2 | 阅读: 28 | 收藏 | Orange Cyberdefense - sensepost.com machine security bitlocker client revert

Decoding BlazorPack TL;DR: I couldn’t make a custom BlazorPack editor work in Burp, so I used Mallet instead. Fro... 2023-2-22 10:5:0 | 阅读: 37 | 收藏 | Orange Cyberdefense - sensepost.com messagepack blazorpack mallet netty frames

Jumping into SOCKS On a recent internal assessment, we ran into a problem. While holding low-privileged access t... 2023-1-24 18:59:7 | 阅读: 19 | 收藏 | Orange Cyberdefense - sensepost.com proxy client socks4 remote burp

CertPotato – Using ADCS to privesc from virtual and network service accounts to local system The goal of this blog post is to present a privilege escalation I found while working on ADCS... 2022-11-4 21:27:54 | 阅读: 24 | 收藏 | Orange Cyberdefense - sensepost.com machine delegation adcs network

Abusing Windows’ tokens to compromise Active Directory without touching LSASS During an internal assessment, I performed an NTLM relay and ended up owning the NT AUTHORITY... 2022-10-28 00:48:2 | 阅读: 28 | 收藏 | sensepost.com windows impersonate duplicated whiteflag privileges

WireSocks for Easy Proxied Routing I built some infrastructure that you could deploy and use to easily tunnel from arbitrary sou... 2022-9-30 12:48:0 | 阅读: 29 | 收藏 | sensepost.com proxy wireguard network tun2socks wiresocks

sensecon 2022 – wait a minute, you got legs? edition In a world of returning back to, well, “normal” it meant that we could finally have our annua... 2022-8-3 21:27:41 | 阅读: 22 | 收藏 | sensepost.com workshop buzzword sensecon hackathon regions

me vs request smugglingPOST I’ve come to realise that I wasn’t the only one that has never actually exploited an HTTP Req... 2022-7-19 16:35:32 | 阅读: 34 | 收藏 | sensepost.com varnish smuggled ncat logfile smuggle

Sail away, sail away, sail away A while back, after some live music and drinks at Railways, I made my way to another city... 2022-6-1 02:9:14 | 阅读: 16 | 收藏 | sensepost.com ihs writefile ihsadmin ssh

using a cloud mac with a local ios device Doing iOS mobile assessments without macOS around is not exactly fun. This can be for many re... 2022-5-29 00:34:37 | 阅读: 52 | 收藏 | sensepost.com usbmuxd usbfluxd remote client ssh

Constrained Delegation Considerations for Lateral Movement The abuse of constrained delegation configuration, whereby a compromised domain user or compu... 2022-5-18 14:35:32 | 阅读: 46 | 收藏 | sensepost.com delegation asgard server02 server01 arthur