Our Blog

CertPotato – Using ADCS to privesc from virtual and network service accounts to local system

Reading time: ~14 min
Posted by Hocine Mahtout on 04 November 2022
Categories: Adcs, Kerberos, Rubeus, Windows, Certipy
The goal of this blog post is to present a privilege escalation I found while working on ADCS. We will...

Abusing Windows’ tokens to compromise Active Directory without touching LSASS

Reading time: ~34 min
Posted by aurelien.chalot@orangecyberdefense.com on 27 October 2022
Categories: Authentication, Internals, Redteam, Token, Windows
During an internal assessment, I performed an NTLM relay and ended up owning the NT AUTHORITY\SYSTEM account of the Windows...

WireSocks for Easy Proxied Routing

Reading time: ~9 min
Posted by Michael Kruger on 30 September 2022
Categories: Networking, Offence, Vpn, Windows
I built some infrastructure that you could deploy and use to easily tunnel from arbitrary sources over a proxy such...

sensecon 2022 – wait a minute, you got legs? edition

Reading time: ~10 min
Posted by Leon Jacobs on 03 August 2022
Categories: Hackathon, Sensecon, Sensecon 2022, Sensecon2022
In a world of returning back to, well, “normal” it meant that we could finally have our annual internal hackathon...

me vs request smugglingPOST

Reading time: ~17 min
Posted by Leon Jacobs on 19 July 2022
Categories: Ctf, Requestsmuggling, Http2
I’ve come to realise that I wasn’t the only one that has never actually exploited an HTTP Request Smuggling vulnerability,...

Sail away, sail away, sail away

Reading time: ~10 min
Posted by Reino Mostert on 31 May 2022
Categories: Exploit, Ibm, Shell
A while back, after some live music and drinks at Railways, I made my way to another city for pleasant...

using a cloud mac with a local ios device

Reading time: ~17 min
Posted by Leon Jacobs on 28 May 2022
Categories: Cloud, Corellium, Mobile, Pentest, Ssh, Usbfluxd
Doing iOS mobile assessments without macOS around is not exactly fun. This can be for many reasons that include code...

Constrained Delegation Considerations for Lateral Movement

Reading time: ~18 min
Posted by Sergio Lazaro on 18 May 2022
Categories: Active directory, Internals, Kerberos
The abuse of constrained delegation configuration, whereby a compromised domain user or computer account configured with constrained delegation can be...

Left To My Own Devices – Fast NTCracking in Rust

Reading time: ~17 min
Posted by Dominic White on 16 February 2022
Categories: Cracking, Hashcat, Ntlm, Programming, Rust, Performance
When I got a new MacBook with an M1 Pro chip, I was excited to see the performance benefits. The...

SIM Hijacking

Reading time: ~38 min
Posted by Emmanuel Cristofaro on 07 February 2022
Categories: Fun, Sim card
Introduction “533 million Facebook users’ phone numbers leaked” was one of the highlighted titles that flooded many social networks’ pages....