Reverse engineering Microsoft’s SQLCMD.exe to implement Channel Binding support for MSSQL into Impacket’s mssqlclient.py. Storytime from Aurelien (@defte_), including instructions for reproducing the test environment yourself.

https://sensepost.com/blog/2025/a-journey-implementing-channel-binding-on-mssqlclient.py/

Unsatisfied with merely relying on reFlutter to do its magic, Jacques dove deep to understand how Flutter's SSL pinning in Android works, and how to intercept it with Frida.

https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/

The S is for Security. How to use WinRMS as a solid NTLM relay target, and why it’s less secure than WinRM over HTTP.

writeup: https://sensepost.com/blog/2025/is-tls-more-secure-the-winrms-case./

PR to impacket:
https://github.com/fortra/impacket/pull/1947/files

Dropping Teams malware via the browser’s cache - part II of Aurélien’s Browser Cache Smuggling covers his Insomni’hack talk with end to end weaponisation https://sensepost.com/blog/2025/browser-cache-smuggling-the-return-of-the-dropper/

Demo: https://youtu.be/tIveWYfYcCI

GLPI (popular in France & Brazil) versions 9.5.0 to 10.0.16 allows hijacking sessions of authenticated users remotely. The details and process of discovering the vulnerability is detailed by @GuilhemRioux here:
https://sensepost.com/blog/2025/leakymetry-circumventing-glpi-authentication/

Along with a vulnerability checking tool: https://github.com/Orange-Cyberdefense/glpwnme

Demo at https://youtu.be/OTaCV4-6qHE

Want a hacker's introduction to using neural networks to create a tool to bypass CAPTCHAs? Adriaan's got you.

Writeup: https://sensepost.com/blog/2025/capchan-solving-captcha-with-image-classification/

Accompanying training/classifying tool capchan https://github.com/sensepost/capchan/