Our Blog

sensecon 2022 – wait a minute, you got legs? edition

Reading time: ~10 min
Posted by Leon Jacobs on 03 August 2022
Categories: Hackathon, Sensecon, Sensecon 2022, Sensecon2022
In a world of returning back to, well, “normal” it meant that we could finally have our annual internal hackathon...

me vs request smugglingPOST

Reading time: ~17 min
Posted by Leon Jacobs on 19 July 2022
Categories: Ctf, Requestsmuggling, Http2
I’ve come to realise that I wasn’t the only one that has never actually exploited an HTTP Request Smuggling vulnerability,...

using a cloud mac with a local ios device

Reading time: ~17 min
Posted by Leon Jacobs on 28 May 2022
Categories: Cloud, Corellium, Mobile, Pentest, Ssh, Usbfluxd
Doing iOS mobile assessments without macOS around is not exactly fun. This can be for many reasons that include code...

Constrained Delegation Considerations for Lateral Movement

Reading time: ~17 min
Posted by Sergio Lazaro on 18 May 2022
Categories: Active directory, Internals, Kerberos
The abuse of constrained delegation configuration, whereby a compromised domain user or computer account configured with constrained delegation can be...

Left To My Own Devices – Fast NTCracking in Rust

Reading time: ~17 min
Posted by Dominic White on 16 February 2022
Categories: Cracking, Hashcat, Ntlm, Programming, Rust, Performance
When I got a new MacBook with an M1 Pro chip, I was excited to see the performance benefits. The...

SIM Hijacking

Reading time: ~37 min
Posted by Emmanuel Cristofaro on 07 February 2022
Categories: Fun, Sim card
Introduction “533 million Facebook users’ phone numbers leaked” was one of the highlighted titles that flooded many social networks’ pages....