leonjza.bsky.social
[ 'cto @sensepost.com', '@orangecyberdef', 'caffeine fueled', '(╯°□°)╯︵ ┻━┻', 'security guy', 'metalhead', 'i saw your password', 'KOOBo+KXleKAv+KXlSnjgaM=' ]

Attacks against AD CS are de rigueur these days, but sometimes a working attack doesn’t work somewhere else, and the inscrutable error messages are no help. Jacques replicated the most infuriating and explains what’s happening under the hood in this post: sensepost.com/blog/2025/di...

"Zen and the Art of Microcode Hacking" Tragic signature bypass enables custom microcode loading on AMD processors, and a tool to do it. The blog is extremely well written and provides concise explanations of topics mentioned + plenty of resources! A must read. bughunters.google.com/blog/5424842...

store.steampowered.com/app/1521360/... This soundtrack legit makes me feel happy :D

Want some handy PowerShell scripts to make your AD auditing life easier? Niels has your back with InvokeADCheck. Includes an easy-to-add module system as well as consistent output and Excel exports. sensepost.com/blog/2025/in...

A team of academics has exploited a memory leak in equipment used for China's Great Firewall to learn about its internal architecture and DNS injection capabilities. gfw.report/publications...

In our latest article, our ninja laxa revisits the secretsdump implementation, offering an alternative that avoids reg save and eliminates writing files to disk, significantly reducing the likelihood of triggering security alerts. Read the details at www.synacktiv.com/publications....

Lots of good stuff in gopls/v0.18.0! #golang The super useful gc_details code lens is now a code action, a modernize analyzer with quick fixes, an unusedfunc analyzer, support for "//go:fix inline", and highlighting between formatting verbs and arguments in printf-like functions.

Since LinkedIn won’t let you mass select all your messages to delete, this JS can help: document.querySelectorAll('label.msg-selectable-entity__checkbox-label').forEach(label => label.click());

Black Hat have published my original CFP submission for "Listen to the Whispers: Web Timing Attacks that Actually Work". I put a lot of effort into this CFP to avoid being discarded as 'yet another timing talk' - you can find it in full here: i.blackhat.com/BH-US-24/cfp...

Comparing Decai decompilation using @anthropic.com 's Claude 3.5 vs 3.7 with a simple strcoll wrapper function #r2ai #radare2

I noticed a common architecture in some manufacturers' desktop software and started poking. Surely others have been here!? Cue a stream of "(lpe|rce) in $vendor" videos spamming @singe.bsky.social 🙃😂. I finally reported all of the bugs I found (8 of them) after about a week's work between things.

In this blog post, I explain how I was able to create a PowerShell console in C/C++, and disable all its security features (AMSI, logging, transcription, execution policy, CLM) in doing so. 💪 👉 blog.scrt.ch/2025/02/18/r...

😎󠄸󠅑󠅓󠅛󠄐󠅄󠅘󠅕󠄐󠅀󠅜󠅑󠅞󠅕󠅤󠄑 emoji.paulbutler.org?mode=decode

A game called PirateFi released on Steam last week and it contained malware. Valve have removed the game two days ago. Users that played the game have received the following email:

flamelens is a TUI flamegraph viewer that displays profiling data directly in the terminal. It has keybindings, live profiling in the terminal & searching flamegraph frames with regex. Yung Siang Liau (YS-L on GitHub) made flamelens and is Terminal Tool of the Week! ⭐️ terminaltrove.com/flamelens/

Instead of relying on RemCom, what if we had a python client to interact with the latest, Microsoft signed PSExec? In this post Aurélien details how he and the team did exactly this, including a tool, some PSExec internals and detection opportunities! sensepost.com/blog/2025/ps...

🚀 Today I'm launching ArgFuscator: an open-source platform documenting command-line obfuscation tricks AND letting you generate your own 🔥 68 commonly used executables supported out of the box - use right away, make tweaks, or create your own config 👉 Now available at argfuscator.net

ROADtools update: I just released roadlib v1.0! This version drops the adal dependency, all auth flows are now implemented natively 🎉 This was mostly a personal goal, but it helps with adding new features, such as forcing MFA during device code auth independent of CA policies 😀

Release Notes for Ghostty 1.1.0 Discussion

New blog post on the abuse of the IDispatch COM interface to get unexpected objects loaded into a process. Demoed by using this to get arbitrary code execution in a PPL process. googleprojectzero.blogspot.com/2025/01/wind...

A Pretoria 0xc0ffee meetup is starting again!

“Decompiling Mobile Apps With AI Language Models” by @trufae.bsky.social at @nowsecure.bsky.social www.nowsecure.com/blog/2025/01...

I'm a *huge* fan of small feedback loops and just discovered the (new?) docker compose --watch flag! docs.docker.com/compose/how-...

gist.github.com/hackermondev... Fun writeup on figuring out cloudflare traffic!

Since redirect URLs are tricky, roadtx now includes redirect URLs for many first-party apps and uses them automatically. Demo below shows the interactiveauth module being used for the compliant device CA bypass with the "interactiveauth" module and the "companyportal" client ID alias.

Really great blog post about bypassing BitLocker using "PXE soft reboot" (even if PXE boot is disabled in the BIOS). "Windows BitLocker -- Screwed without a Screwdriver" 👉 neodyme.io/en/blog/bitl... 👉 media.ccc.de/v/38c3-windo...

pwndbg 2025.01.20 Release github.com -> "This release features LLDB support, improved performance, bug fixes and better embedded systems experience. Pwndbg can now run on macOS (both Intel & Apple Silicon) and allows for debugging 1/2

Generate a valid krb5 conf file directly from netexec 🔥 Not that NXC needs it, but sometimes you gotta help other tools for them to work. 😂

mitmproxy 11.1 is out! 🥳 We now support *Local Capture Mode* on Windows, macOS, and - new - Linux! This allows users to intercept local applications even if they don't have proxy settings. More details are at mitmproxy.org/posts/local-.... Super proud of this team effort. 😃

That 2025 feeling when the randomly generated password you just reset to arrives in your inbox along with the confirmation… 😬

Given that simps0n isn’t on Bluesky, allow me to post a link to his excellent weekly ezine 💎 Here’s today’s edition, "AppSec Ezine - 568th" 📚 pathonproject.com/zb/?47a5c4d2...

We really love relaying authentication: you can now also perform NTLM relaying on SCCM Management and Distribution points thanks to the PR from @croco_byte on ntlmrelayx (now merged upstream):

Accidental logging would have started roughly 7 months ago. github.com/gnachman/iTe...

🚨 If you use iTerm2 you *need* to update, and orgs may need to do some IR. If you used the SSH integration feature, all I/O was logged to /tmp/framer.txt on the remote box (world readable). IIRC it auto-updates unless disabled. Does not appear to have a CVE (yet?). iterm2.com/downloads...

Few BloodHound python updates: LDAP channel binding is now supported with Kerberos auth (native) or with NTLM (custom ldap3 version). Furthermore, the BH CE collector now has its own pypi package and command. You can have both on the same system with pipx. github.com/dirkjanm/Blo...

Ok, this is awesome… 😎 Doom as a captcha, in the browser (using wasm.) doom-captcha.vercel.app

Now you can play GAMEBOY GAMES ON TERMINAL. Any good terminal that can run Sixel, iTerm2 or Kitty image protocol. (P.S: I wrote this at Christmas time, so still have to fix audio and normalize keyup) github.com/raphamorim/g...

Thanks to Xiaolichan, NXC is now capable of scanning your network without attempting SMBv1 first by using the flag --no-smbv1. This reduces unexpected errors and scan time on large networks. 👺 A new module has also been added to scan hosts vulnerable to the Remove-MIC vulnerability 🔥

FalconHound 1.4.2 is out! * Added Managed identity authentication for Azure based inputs (KeyVaults, MDE, Sentinel, GraphAPI) * Added report command line option and actions * Added HTML output option Grab it here > github.com/FalconForceT...

Recently learned that my favorite, minimal, self-hosted bookmark manager can now also take snapshots (for archiving) of URLs, making an already great tool even better! Check it out! linkding.link

Just discovered Safari's "Hide distracting items".. Simple, but delightfully implemented..

A new free tier of GitHub Copilot in Visual Studio Code. ✅ 2,000 code completions per month 💬 50 chat messages per month 💫 Models like Claude 3.5 Sonnet or GPT-4o ♥️ More fun for you Check it out today! Oh yeah, and we passed 150M developers on GitHub 💅 github.blog/news-insight...

New module on #NetExec: wam Dump #Entra access tokens from Windows Token Broker Cache, and make your way to Entra 🚀 Thanks @xpnsec.com for the technique! More info on his blog: blog.xpnsec.com/wam-bam/

We updated our CFP for Phrack 72! The deadline is now April 1st 2025. Check the site for specifics on how to contribute, as well as some inspiration! We also posted a link to purchase physical copies of Phrack 71, and a donation link too. Enjoy! phrack.org

New research: We've been monitoring a threat actor publishing dozens of trojanized GitHub repositories targeting threat actors, leaking hundreds of thousands of credentials along the way securitylabs.datadoghq.com/articles/mut...