SensePost

@sensepost@infosec.exchange
Orange Cyberdefense's SensePost Team
www: https://sensepost.com/blog
twitter: https://twitter.com/sensepost
Adriaan was struggling to get an interactive shell on the *nix app server he had popped, so he wrote a turn-based mini binary to give you a semi-interactive shell in restrictive environments. Writeup & code are at 👇
https://sensepost.com/blog/2025/no-egress-no-shell-no-problem/
I was talking with someone about dependency confusion and supply chain attacks and I was confused myself with the feasibility of doing this in 2025, so I decided to take a practical approach and create my own tool 🔨 to detect Orphan and Misspelled packages 📦: https://sensepost.com/blog/2025/depscanner-find-orphaned-packages-before-the-bad-guys-do/

Did we mention this is all done in the cloud, giving you access to labs after Vegas madness for practice, as well as office hours with the trainers outside the course. https://chaos.social/@singe/114624961492719545
Dominic White (@singe@chaos.social):
> Wifi hacking can be a useful tool, but people are out here grinding on WPA2 handshake cracking tutorials & menu driven attack tooling. When we built the 3rd and latest iteration of the wifi hacking course for #BlackHat - we did it to show what really works and how it really works. 1/7
After identifying a mistake relating to NTLMv1 being enabled in the test environment, the blog has been updated with an errata section.

Unsatisfied with merely relying on reFlutter to do its magic, Jacques dove deep to understand how Flutter's SSL pinning in Android works, and how to intercept it with Frida.

https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/


The S is for Security. How to use WinRMS as a solid NTLM relay target, and why it’s less secure than WinRM over HTTP.

writeup: https://sensepost.com/blog/2025/is-tls-more-secure-the-winrms-case./

PR to impacket:
https://github.com/fortra/impacket/pull/1947/files


Whipped together a SOCKS5-over-any-transport feature today for the c2 & implant used in @sensepost purple teaming / emulation exercises.

Here I have a cURL request, over an ICMP channel, funnelling HTTP requests in and out via our implant :D

Fun! 😄🔥

Dropping Teams malware via the browser’s cache - part II of Aurélien’s Browser Cache Smuggling covers his Insomni’hack talk with end to end weaponisation https://sensepost.com/blog/2025/browser-cache-smuggling-the-return-of-the-dropper/

Demo: https://youtu.be/tIveWYfYcCI


GLPI (popular in France & Brazil) versions 9.5.0 to 10.0.16 allow hijacking sessions of authenticated users remotely. The details and process of discovering the vulnerability are detailed by @GuilhemRioux here:
https://sensepost.com/blog/2025/leakymetry-circumventing-glpi-authentication/

Along with a vulnerability checking tool: https://github.com/Orange-Cyberdefense/glpwnme

Demo at https://youtu.be/OTaCV4-6qHE
