Our Blog

Browser Cache Smuggling: the return of the dropper

Reading time: ~8 min
A year and a half ago I wrote a blog post describing how browsers’ cache system can be abused to...

Leakymetry: Circumventing GLPI Authentication

Reading time: ~12 min
Intro GLPI (Gestionnaire libre de parc informatique) is a popular open-source software in France and Brazil. It is used to...

Using & improving frida-trace

Reading time: ~17 min
TL;DR In this blog I want to show you how useful frida-trace can be at hooking thousands of methods at...

NoSQL error-based injection

Reading time: ~6 min
TL;DR How to do NoSQL error-based injection In this second blog post on NoSQL injection (read the first one here),...

Capchan – Solving CAPTCHA with Image Classification

Reading time: ~35 min
A few years ago, I tried my hand at the, now retired, CAPTCHA Forest CTF, which was part of the...

Getting rid of pre- and post-conditions in NoSQL injections

Reading time: ~10 min
TL;DR: I found a cool way to get rid of pre-conditions in NoSQL syntax injections I have been investigating NoSQL...

goLAPS

Reading time: ~3 min
Context During the last SenseCon we had at OrangeCyberdefense in May 2024 (see https://sensepost.com/blog/sensecon/), we usually either pick up from a...

Diving Into AD CS: Exploring Some Common Error Messages

Reading time: ~26 min
Abuse of Active Directory Certificate Services (AD CS) has become a staple of our internal network assessment methodology. In fact,...

InvokeADCheck – A PowerShell Module for Assessing Active Directory

Reading time: ~5 min
Introduction During an Active Directory (AD) assessment, I found myself struggling with a collection of individual PowerShell scripts and their...

PsExec’ing the right way and why zero trust is mandatory

Reading time: ~20 min
2021 was the year I met two incredible hackers, Michael and Reino with whom I had the opportunity to work...