Our Blog

Capchan – Solving CAPTCHA with Image Classification

Reading time: ~34 min
Posted by adriaan.bosch@orangecyberdefense.com on 13 March 2025
Categories: Ai, Ctf, Neural-nets, Tool
A few years ago, I tried my hand at the, now retired, CAPTCHA Forest CTF, which was part of the...

Getting rid of pre- and post-conditions in NoSQL injections

Reading time: ~10 min
Posted by Reino Mostert on 11 March 2025
Categories: Database, Nosql injection, Injection, Nosql
TL;DR: I found a cool way to get rid of pre-conditions in NOSQL syntax injections I have been investigating NoSQL...

goLAPS

Reading time: ~3 min
Posted by Felipe Molina on 10 March 2025
Categories: Golang, Laps, Sensecon
Context During the last SenseCon we had at OrangeCyberdefense in May 2024 (see https://sensepost.com/blog/sensecon/), we usually either pick-up from a...

Diving Into AD CS: Exploring Some Common Error Messages

Reading time: ~26 min
Posted by Jacques Coertze on 07 March 2025
Categories: Active directory, Adcs, Certificates, Internals, Windows, Certificate
Abuse of Active Directory Certificate Services (AD CS) has become a staple of our internal network assessment methodology. In fact,...

InvokeADCheck – A PowerShell Module for Assessing Active Directory

Reading time: ~5 min
Posted by niels.hofland@orangecyberdefense.com on 06 March 2025
Categories: Active directory, Automation, Powershell, Tool
Introduction During an Active Directory (AD) assessment, I found myself struggling with a collection of individual PowerShell scripts and their...

PsExec’ing the right way and why zero trust is mandatory

Reading time: ~20 min
Posted by aurelien.chalot@orangecyberdefense.com on 10 February 2025
Categories: Psexec, Sensecon, Tools
2021 was the year I met two incredible hackers, Michael and Reino with whom I had the opportunity to work...