Thats a wrap for the Hack The Box Business CTF 21. We played as the Orange Cyberdefense / Orange Cyberdefense's SensePost Team team and placed 5th! I'm super proud of the team, and all the hard pwntime they put it! Get some zzz's Inactive Account Jacques Coertze szymon Titanex @ defcon Michael Kruger @gav1no_ @gmilte!

Here are my notes on reverse challenges for the HTB Business CTF 2021. My solution on Ghosty will be soon. github.com/Titanexx/CTF-W…

A lot of the time, when I have a writing deadline, I procrastinate with code. With LaTeX I can do both at the same time.

🎉We're super excited to publicly release assless-chaps, our super fast MSCHAPv2 cracking tool github.com/sensepost/assl… Our DEF CON RF Hackers Sanctuary Village talk with Michael Kruger & me explaining it is out youtube.com/watch?v=lm7Cuk… Our new hashcat modes 27000/27100 have been merged too!

.Michael Kruger found the perfect shirt on Amazon for our talk. So I bought it for him, sort of. amazon.com/Ask-About-Assl…

Awesome! My two tools berate_ap and wpa_supplicant have made it into Kali :D! kali.org/blog/kali-linu… My writeup from 2019 for some context: sensepost.com/blog/2019/peap…

Good luck to all the trainers at @athackcon in #SaudiArabia! To the Orange Cyberdefense's SensePost Team crew - may it be a great kickstart to getting back to in person training. Smash it! #atHackcon #BlackHat #orangecyberdefense

The crew! @athackcon has been amazing. Saudi has been amazing. Training's pretty darn good. Conference has a great line up. Jason is one happy dude. Thanks SensePost Training | Orange Cyberdefense Orange Cyberdefense Orange Cyberdefense's SensePost Team @athackcon الاتحاد السعودي للأمن السيبراني والبرمجة والدرونز

Finished showing off ppp_sycophant to @athackcon arsenal. Really enjoying the conference and Saudi! nj. github.com/sensepost/ppp_…

Yeah! DEF CON wifi fixed this. Plus wpa_supplicant can do leaf cert validation these days too!

Struggling to proxy your offensive tools (*cough, Windows, cough*)? See how Michael Kruger uses WireGuard and tun2socks to make remote networks available via a network route (from any device or container), over SOCKS! sensepost.com/blog/2022/wire…

Another 0xC0FFEE session tonight with two guest speakers: Jeandre Mitton talking about using Pre/Post Scripts with Postman for CAPTCHA bypass and _leon_jacobs(💥) talking about the LightNeuron malicious mail transport agent he built for MITRE ATT&CK purple teaming. 1/2

The RID500 Admin account doesn't benefit from Protected User Group restrictions. This is a MS WONTFIX & means you can authenticate as Admin using RC4 KRB or perform any KRB delegation attack if you impersonate the RID500 Admin. The latest find by Aurélien Chalot sensepost.com/blog/2023/prot…

Excited to teach wireless hacking and try to convince more people that using wpa_sycophant is easier than it seems (most of the time 😝).

A quick Docker hostapd-mana RADIUS service for capturing creds using an external device: github.com/sensepost/bera… Bonus: Certificates with Lego and CF DNS are so convenient go-acme.github.io/lego/usage/cli… Bonus Bonus: join us at BH for further WiFi shenanigans blackhat.com/us-23/training…

My next book is *The Internet Con: How to Seize the Means of Computation.* It's a recipe to disenshittify the web and bring back the old good internet. The book is from @VersoBoooks, but the #audiobook is from me - because Amazon refuses to sell it: kickstarter.com/projects/docto… 1/

A morning DEF CON run with Michael Kruger and Jaco to The Mill (for those who remember Defcon at the Riv). Even met . on the way.

Every once in a while I'm reminded that dnsmasq, a lightweight DNS and DHCP server that's bundled into *almost every IOT thing and Linux distro*, is a hobby project maintained by one guy in the UK named Simon. Nobody pays him and he doesn't get near the thanks he deserves.

Had a blast climbing Norwegian 🇳🇴mountains with some amazing people, Ole André V. Ravnås and Michael Kruger !

The fact that Andres Freund (Tech) didn't just write the whole xz thing off as "It's probably DNS" is honestly amazing.