Glad to publish a blog post on a critical vulnerability I found some months ago on GLPI, that impacts all default installation under a certain version: sensepost.com/blog/2025/leak… We also released a tool that implements some check for known vulnerabilities: github.com/Orange-Cyberde…

GLPI (popular in France & Brazil) versions 9.5.0-10.0.16 allow hijacking sessions of authenticated users remotely. The details & process of discovering the vulnerability is detailed by guilhem rioux here: sensepost.com/blog/2025/leak… Tooling: github.com/Orange-Cyberde…

Dropping Teams malware via the browser’s cache - part II of Aurélien Chalot's Browser Cache Smuggling covers his Insomni’hack talk with end to end weaponisation sensepost.com/blog/2025/brow… Demo: youtu.be/tIveWYfYcCI

Time to sign up for Black Hat trainings. I attended CodeMachine Inc. last year, highly recommended! Also if not your are not fully into Exploit dev , check out Orange Cyberdefense's SensePost Team training :)

Whipped together a SOCKS5-over-any-transport feature today for the c2 & implant used in Orange Cyberdefense's SensePost Team purple teaming / emulation exercises. Here I have a cURL request, over an ICMP channel, funnelling HTTP requests in and out via our implant :D Fun! 😄🔥

Unsatisfied with merely relying on reFlutter to do its magic, Jacques dove deep to understand how Flutter's SSL pinning in Android works, and how to intercept it with Frida. sensepost.com/blog/2025/inte…

Visiting the Orange Cyberdefense's SensePost Team offices today, such nostalgia, and the new office is really nice 🤩

Diving Into AD CS: Exploring Some Common Error Messages - Orange Cyberdefense's SensePost Team sensepost.com/blog/2025/divi…

Did we mention it's all in the cloud and you can get extended lab access and office hours after support ...

After Inactive Account argued about dependency confusion & supply chain attacks & was confused with the feasibility of doing this in 2025, he decided to take a practical approach & create his own tool 📷 to detect Orphan and Misspelled packages 📷: sensepost.com/blog/2025/deps…

Quite stoked to be speaking at DEF CON 33 this year, presenting: "7 Vulns in 7 Days: Breaking Bloatware Faster Than It’s Built". Reversing, exploits, disclosure pain - it has it all, and it's going to be fun! 💥 See ya soon Vegas. ☀️

Orange Cyberdefense's SensePost Team and github.com/sensepost/shel…

I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, its been super useful in reversing it's fairly complex protocol. :)

🧡 We’re proud to welcome Orange Cyberdefense South Africa back as a Gold Sponsor for #BSidesCPT 2025! A long-time supporter of the local infosec community, they’re once again helping us create spaces to learn, connect and grow.