Fun
SIM Hijacking
“533 million Facebook users’ phone numbers leaked” was one of the highlighted titles that flooded many social networks’ pages. The leak that was initially for sale in 2020 has more recently been released for free on a hacker forum containing mobile numbers, and a bunch of other related information. This news gave birth to websites like https://haveibeenzucked.com, where you could check if the Facebook data leak contained your data. (https://haveibeenpwned.com…
DualSense Reverse Engineering
Ciao belli! On the 19th of November 2020, SONY finally released the new PlayStation 5 in the UK. A few days earlier in the US, Japan, and Canada. Of course, Play Station 5 came together with a new Wireless Controller, this time named DualSense. I wanted to see if I could continue my PlayStation controller adventures on this new device, following on my previous work. A few SONY installations available…
Szensecon Discord Bot
We have written a lot about SenseCon by now, but there is one more thing we can talk about! In this post I want to detail the Discord bot and associated challenges that we built. We were going to use Discord as our main communication channel and wanted a way to ensure that it was only accessible to Orange Cyberdefense hackers in an automated way. This was a good opportunity…
[Dual-Pod-Shock] Emotional abuse of a DualShock
Hacking PlayStation DualShock controllers to stream audio to their internal speakers. Ciao a tutti. I didn’t really know what this project was going to be about and where or how it would end up. The only thing I know is that I started working on it because one day I was bored and having a chat with a friend of mine: Your flat is like a Luna Park for nerds.…
Exploiting MS16-098 RGNOBJ Integer Overflow on Windows 8.1 x64 bit by abusing GDI objects
Starting from the beginning with no experience whatsoever in kernel land let alone exploiting it, I was always intrigued and fascinated by reverse engineering and exploit development. The idea was simple: find a 1-day patch with an exploitable bug but with no proof of concept exploit currently available, in order to start my reverse engineering and exploit dev journey with.Now the bug discussed here was not my initial choice: I…
PowerShell, C-Sharp and DDE The Power Within
aka Exploiting MS16-032 via Excel DDE without macros. The modified exploit script and video are at the end. A while ago this cool PowerShell exploit for MS16-032 was released by FuzzySecurity. The vulnerability exploited was in the secondary login function, which had a race condition for a leaked elevated thread handle, we wont go into much details about the vulnerability here though. It is a really awesome vulnerability if you want to…
Sensepost Maltego Toolkit: Skyper
Collecting and performing Open Source Intelligence (OSINT) campaigns from a wide array of public sources means ensuring your sources contain the most up to date information relating to your target. Skype, with over 300 million users, can be a vital source if used correctly. The above graphic shows over 70 million active members and over 500 million users that have registered!. As with all things online, many users leak sensitive…
SenseCon 2014
What originally started as one of those “hey, wouldn’t this be cool?” ideas, has blossomed into a yearly event for us at SensePost. SenseCon is a time for all of us to descend on South Africa and spend a week, learning/hacking/tinkering/breaking/building, together and in person. A few years ago we made the difficult, and sometimes painful, shift to enable remote working in preparation for the opening of our UK and Cape Town…
January Get Fit Reversing Challenge
Aah, January, a month where resolutions usually flare out spectacularly before we get back to the couch in February. We’d like to help you along your way with a reverse engineering challenge put together by Siavosh as an introduction to reversing, and a bit of fun. This simple reversing challenge should take 4-10+ hours to complete, depending on your previous experience. The goal was to create an interactive challenge that…
Something about sudo, Kingcope and re-inventing the wheel
Willems and I are currently on an internal assessment and have popped a couple hundred (thousand?) RHEL machines, which was trivial since they are all imaged. Anyhoo – long story short, we have a user which is allowed to make use of sudo for a few commands, such as reboot and service. I immediately thought it would be nice to turn this into a local root somehow. Service seemed promising…
Page 1 of 7
Next