Need to open doors from the outside without touching anything? Turns out thats possible with no touch sensors as @shifttymike.bsky.social details in his latest blog post.
sensepost.com/blog/2025/no...
Snap!
A DALL-E generated image of a hooded person behind a computer with a large glowing wifi symbol on it. In the background are neon posters with the words WPA2 handshake cracking, PEAP relay access, certificate bypass and BLACK HAT. The style is neon cyberpunk.
Wifi hacking can be a useful tool, but people are out here grinding on WPA2 handshake cracking tutorials & menu driven attack tooling. When we built the 3rd and latest iteration of the wifi hacking course for BlackHat - we did it to show what really works and how it really works. 1/7
What an incredible event. The talks, the CTF, everything. Just touched down back in South Africa and I’m already plotting how I’m going to get there again next year 😁
Congratulations to the organisers!
Capchan – Solving CAPTCHA with Image Classification Reading time: ~34 min Posted by adriaan.bosch on 13 March 2025 Categories: Ai, Ctf, Neural-nets, Tool Getting rid of pre- and post-conditions in NoSQL injections Reading time: ~10 min Posted by Reino Mostert on 11 March 2025 Categories: Database, Nosql injection, Injection, Nosql goLAPS Reading time: ~3 min Posted by Felipe Molina on 10 March 2025 Categories: Golang, Laps, Sensecon Diving Into AD CS: Exploring Some Common Error Messages Reading time: ~26 min Posted by Jacques Coertze on 07 March 2025 Categories: Active directory, Adcs, Certificates, Internals, Windows, Certificate InvokeADCheck – A PowerShell Module for Assessing Active Directory Reading time: ~5 min Posted by niels.hofland on 06 March 2025 Categories: Active directory, Automation, Powershell, Tool PsExec’ing the right way and why zero trust is mandatory Reading time: ~20 min Posted by aurelien.chalot on 10 February 2025 Categories: Psexec, Sensecon, Tools
Some great research writeups and tool releases hitting the @sensepost.com blog and GitHub the last few days:
Attacks against AD CS are de rigueur these days, but sometimes a working attack doesn’t work somewhere else, and the inscrutable error messages are no help. Jacques replicated the most infuriating and explains what’s happening under the hood in this post: sensepost.com/blog/2025/di...
Want some handy powershell scripts to make your AD auditing life easier, Niels has your back with InvokeADCheck. Includes easy to add module system as well as consistent output and excel exports.
sensepost.com/blog/2025/in...
@shifttymike.bsky.social will share insights at Insomni’hack 2025 with the talk "The Spy Who Flashed Me: Exploring and defeating physical access control systems".
🔍Find the full schedule and register: insomnihack.ch/talks/the-sp...
#INSO25 #Cybersecurity #EthicalHacking #Switzerland
I noticed a common architecture in some manufactures' desktop software and started poking. Surely others have been here!? Queue a stream of "(lpe|rce) in $vendor" videos spamming @singe.bsky.social 🙃😂.
I finally reported all of the bugs I found (8 of them) after about a weeks work between things.
To all the Plakkers - Congratulations on your 25th Birthday! Thank you for your continued support and sharing with the community. You have shaped the path for so many and we can’t wait to see what the next 25 years bring. With fondest wishes from BSides Cape Town.
SensePost turned 25 today. The founders RT & Charl visited. BSides CPT sent us Orange cupcakes and nice words. Leon got LPE on a driver. Shiftty got to hacking with the new MikroTik. There was an escape room. We collected food for the local animal shelter. I like these people. I like this place.
Instead of relying on RemCom, what if we had a python client to interact with the latest, Microsoft signed PSExec? In this post Aurélien details how he and the team did exactly this, including a tool, some PSExec internals and detection opportunities!
sensepost.com/blog/2025/ps...
There’s no way I could have predicted that turnout! What a privilege to kick this off, really hope to be back soon :)