Our Blog

Mail in the Middle – A tool to automate spear phishing campaigns

Reading time: ~15 min
Context In the chilly month of December 2023, my colleagues Jason (@BreakerOfSigns), Szymon (@TH3_GOAT_FARM3R), and myself (@felmoltor) were on a...

Serial PitM

Reading time: ~20 min
Sometimes you need to get in the way of a hardware device and its controller, and see what it has...

Jumping into SOCKS

Reading time: ~30 min
On a recent internal assessment, we ran into a problem. While holding low-privileged access to an internal Windows host, we...

dwn – a docker pwn tool manager experiment

Reading time: ~10 min
Years ago I learnt docker basics because I just couldn’t get that $ruby_tool to install. The bits of progress I’d...

thumbscr-ews – a python EWS tool

Reading time: ~6 min
Something I have found myself doing more and more often is using Exchange Web Services (EWS) to bypass 2FA. I...

PEAP Relay Attacks with wpa_sycophant

Reading time: ~8 min
Back in 2018, I was interested that MSCHAPv2 and NTLMv1 hashes crack using the same algorithms, and wanting to get...

Sensepost Maltego Toolkit: Skyper

Reading time: ~4 min
Collecting and performing Open Source Intelligence (OSINT) campaigns from a wide array of public sources means ensuring your sources contain...