_leon_jacobs(💥) (@leonjza)'s Twitter Profile

⟦ 'cto @sensepost', '@orangecyberdef', 'caffeine fueled', '(╯°□°)╯︵ ┻━┻', 'security guy', 'metalhead', 'i saw your password', 'KOOBo+KXleKAv+KXlSnjgaM=' ⟧

ID: 596542352

Link: https://github.com/leonjza
Date: 01-06-2012 15:12:14

4.4K Tweets

4.4K Followers

477 Following

Elastic Security Labs (@elasticseclabs)

We’re adding a new section to Elastic’s HackerOne Bounty Program! Today, we’re opening our SIEM and EDR rules for testing. We’re excited to have another way to thank our community for their efforts on our #detectionengineering. Get more details here: go.es.io/4hdKQCI

0xC0FFEE JHB (@0xc0ffee_jhb)

🚀 Exciting news for Pretoria hackers! 🚀 No more long drives to Joburg! Join 0xCoffee PTA and connect with like-minded hackers. 📅 11 Feb 2025 🕖 7–9 PM 📍 Rock@88 Moreleta 👾 Show off projects 👥 Meet fellow hackers 🍵 Great vibes 💡 Got something cool to show? Message us!

Orange Cyberdefense's SensePost Team (@sensepost)

Instead of relying on RemCom, what if we had a python client to interact with the latest, Microsoft signed PSExec? In this post Aurélien Chalot details how he and the team did exactly this, including a tool, some PSExec internals and detection opportunities! sensepost.com/blog/2025/psex…

SteamDB (@steamdb)

A game called PirateFi released on Steam last week and it contained malware. Valve have removed the game two days ago. Users that played the game have received the following email:

_leon_jacobs(💥) (@leonjza)

I noticed a common architecture in some manufacturers' desktop software and started poking. Surely others have been here!? Cue a stream of "(lpe|rce) in $vendor" videos spamming Dominic White 👾 🙃😂. I finally reported all of the bugs I found (8 of them) after about a week's work on/off.

RedTeam Pentesting (@redteampt)

This Orange Cyberdefense's SensePost Team blog post is really useful for debugging AD CS attacks 🎉 x.com/sensepost/stat… We also encountered some additional causes for these errors: • Inaccessible/expired revocation lists (CLIENT_NOT_TRUSTED) • Failed autoenrollment on DC (PADATA_TYPE_NOSUPP)

Orange Cyberdefense's SensePost Team (@sensepost)

Reino takes his NoSQL injection series a bit further with (maybe) new techniques for more efficient error based NoSQL injections in this follow up post: sensepost.com/blog/2025/nosq…

Orange Cyberdefense's SensePost Team (@sensepost)

Using frida-trace to hook thousands of methods in one go and get clean, readable output for large, obfuscated mobile apps 📲. Another post from Reino to level up your dynamic analysis: sensepost.com/blog/2025/usin…

_leon_jacobs(💥) (@leonjza)

This intro! 🔥 > The hacker's mind is the beginner's mind. A mind that approaches things with all options on the table. > Embracing a beginner's mind means liberating yourself from your preconceived notions about something and face it as it is. tmpout.sh/4/1.html

Frida (@fridadotre)

Frida 16.7.0 is out w/ brand new APIs for observing the lifecycles of threads and modules, a profiler and multiple samplers for measuring cycles/time/etc., MemoryAccessMonitor providing access to thread ID and registers, and more 🎉

_leon_jacobs(💥) (@leonjza)

Whipped together a SOCKS5-over-any-transport feature today for the c2 & implant used in Orange Cyberdefense's SensePost Team purple teaming / emulation exercises. Here I have a cURL request, over an ICMP channel, funnelling HTTP requests in and out via our implant :D Fun! 😄🔥

Aurélien Chalot (@defte_)

You have got a valid NTLM relay but SMB and LDAP are signed, LDAPS has got Channel Binding and ESC8 is not available... What about WinRMS ? :D Blogpost: sensepost.com/blog/2025/is-t… Tool: github.com/fortra/impacke… And also, big thanks to jmk (Joe Mondloch) for the collab' :D!

Trail of Bits (@trailofbits)

We audited the Go standard cryptographic library, used by thousands of libraries and millions of users. Here's what we found and some key takeaways 🧵

Empire (@empirec2project)

Empire 6.1 is live! - ARM64 support for Donut - Added support for Ubuntu 24.04 - Fixed PowerShell launch issues on Linux - Faster startup & testing with pyyaml C - Simplified Docker builds - Cleaner API and updated dependencies github.com/BC-SECURITY/Em… #RedTeam #Cybersecurity

Bad Sector Labs (@badsectorlabs)

MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group)
WHERE g.objectsid ENDS WITH '-516'
WITH COLLECT(c1.name) AS dcs
MATCH (c2:Computer)
WHERE c2.enabled = true AND (c2.operatingsystem contains '2025') AND (c2.name IN dcs)
RETURN c2.name

If this query hits, you're in.