Our Blog

sensecon 2022 – wait a minute, you got legs? edition

Reading time: ~10 min
In a world of returning back to, well, “normal” it meant that we could finally have our annual internal hackathon...

me vs request smuggling

Reading time: ~17 min
I’ve come to realise that I wasn’t the only one that has never actually exploited an HTTP Request Smuggling vulnerability,...

using a cloud mac with a local ios device

Reading time: ~17 min
Doing iOS mobile assessments without macOS around is not exactly fun. This can be for many reasons that include code...

Constrained Delegation Considerations for Lateral Movement

Reading time: ~17 min
The abuse of constrained delegation configuration, whereby a compromised domain user or computer account configured with constrained delegation can be...

Left To My Own Devices – Fast NTCracking in Rust

Reading time: ~17 min
When I got a new MacBook with an M1 Pro chip, I was excited to see the performance benefits. The...

SIM Hijacking

Reading time: ~37 min
Introduction “533 million Facebook users’ phone numbers leaked” was one of the highlighted titles that flooded many social networks’ pages....