Just pushed some slides and labs polish for next weeks @1ns0mn1h4ck before my flight. The whole repo (which includes the training platform, labs, and slides) is quite... diverse :D
| c[_] | https://leonjza.github.io |
| (╭ರ_•́) | https://github.com/leonjza |
leonjza 
- 342 Followers
- 158 Following
- 206 Posts
['cto @sensepost', 'Caffeine fueled', '(╯°□°)╯︵ ┻━┻', 'Security guy', 'Metalhead', 'Shells are my own', 'KOOBo+KXleKAv+KXlSnjgaM=']
A clip introducing our new Binary Instrumentation with Frida course, aimed at getting you more comfortable with the @fridadotre ecosystem - coming to a conference near you!
You've used Frida-based tools like objection before, but now you want to take your instrumentation to the next level - writing your own tools and forcing software to behave exactly how you want.
Add features. Disable security controls. Rewrite existing logic.
While @fridadotre is especially popular in mobile ecosystems, this course focuses on teaching Frida as a whole.
We use a variety of C/C++ and Java targets to teach the core concepts, with hands-on labs so you can apply what you learn.
Join me and @IPmegladon@x at @1ns0mn1h4ck next week and level up your Frida-fu!
Details here:
https://insomnihack.ch/workshops/binary-instrumentation-with-frida/
--
P.S. Want to see the complete take of the clip?
Well... take 71, actually 😅
Full video on YouTube:
https://youtu.be/C9V2JBrOqN0
Had a case this week of a fairly secure deployment of BeyondTrust, but vulnerable to CVE-2026-1731. With basically zero egress, I implemented a timing oracle POC instead. Takes about 20 minutes to get the ls command output in this demo, but hey, it works! :D
Noone asked for this, but I'm trying to get more comfortable with qemu as a whole which has resulted in this overly fancy Qemu Machine Protocol (QMP) socket client, complete with dynamic schema parsing, event subscriptions and tab completion, because why not :P
Quick lunch time side quest building a simple lab to play with the inetutils-telnetd authentication bypass as disclosed on oss-sec ₁.
Two blog posts just dropped - one with the details on the bloatware pwning shenanigans I was up to earlier in the year, and another on pipetap, a new Windows named pipe proxy/tool.
https://sensepost.com/blog/2025/pipetap-a-windows-named-pipe-proxy-tool/
It's... been a while since the last objection release got tagged. We finally landed a 1.12 release today which also means pypi is up to date again, and for the foreseeable future! Work never really stopped, and plenty of bug fixes are included.
https://github.com/sensepost/objection/releases/tag/1.12.0
Apart from all of the epic effort @IPmegladon and other contributors have put in, I'm really happy with the new CI. Manual pypi releases are no longer needed and we can finally move fast again with tagging which is huge.
We changed two big things today.
1. Packaging is now using uv. While you can still pip install objection, you can now also run it with: uv run --with objection
2. Pushing updates to PyPi now happens on git tag, using trusted publishing: https://docs.pypi.org/trusted-publishers/.
I know it took long, and there is work to do, but I'm excited for getting back on track.
Romhack was absolute 🔥! The conference, the community, the vibe - all of it was just something else. Special mention to @merlos and the @cybersaiyan team for making the speaking experience excellent too. 🙃
