's Avatar

@shifttymike.bsky.social

55 Followers  |  36 Following  |  3 Posts  |  Joined: 14.11.2024  |  1.4274

Latest posts by shifttymike.bsky.social on Bluesky

Post image

Need to open doors from the outside without touching anything? Turns out thats possible with no touch sensors as @shifttymike.bsky.social details in his latest blog post.

sensepost.com/blog/2025/no...

19.11.2025 13:29 β€” πŸ‘ 4    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Post image Post image Post image

Snap!

15.08.2025 05:55 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
A DALL-E generated image of a hooded person behind a computer with a large glowing wifi symbol on it. In the background are neon posters with the words WPA2 handshake cracking, PEAP relay access, certificate bypass and BLACK HAT. The style is neon cyberpunk.

A DALL-E generated image of a hooded person behind a computer with a large glowing wifi symbol on it. In the background are neon posters with the words WPA2 handshake cracking, PEAP relay access, certificate bypass and BLACK HAT. The style is neon cyberpunk.

Wifi hacking can be a useful tool, but people are out here grinding on WPA2 handshake cracking tutorials & menu driven attack tooling. When we built the 3rd and latest iteration of the wifi hacking course for BlackHat - we did it to show what really works and how it really works. 1/7

04.06.2025 12:01 β€” πŸ‘ 3    πŸ” 2    πŸ’¬ 1    πŸ“Œ 2

What an incredible event. The talks, the CTF, everything. Just touched down back in South Africa and I’m already plotting how I’m going to get there again next year 😁
Congratulations to the organisers!

16.03.2025 08:39 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Capchan – Solving CAPTCHA with Image Classification Reading time: ~34 min Posted by adriaan.bosch on 13 March 2025 Categories: Ai, Ctf, Neural-nets, Tool Getting rid of pre- and post-conditions in NoSQL injections Reading time: ~10 min Posted by Reino Mostert on 11 March 2025 Categories: Database, Nosql injection, Injection, Nosql goLAPS Reading time: ~3 min Posted by Felipe Molina on 10 March 2025 Categories: Golang, Laps, Sensecon Diving Into AD CS: Exploring Some Common Error Messages Reading time: ~26 min Posted by Jacques Coertze on 07 March 2025 Categories: Active directory, Adcs, Certificates, Internals, Windows, Certificate InvokeADCheck – A PowerShell Module for Assessing Active Directory Reading time: ~5 min Posted by niels.hofland on 06 March 2025 Categories: Active directory, Automation, Powershell, Tool PsExec’ing the right way and why zero trust is mandatory Reading time: ~20 min Posted by aurelien.chalot on 10 February 2025 Categories: Psexec, Sensecon, Tools

Capchan – Solving CAPTCHA with Image Classification Reading time: ~34 min Posted by adriaan.bosch on 13 March 2025 Categories: Ai, Ctf, Neural-nets, Tool Getting rid of pre- and post-conditions in NoSQL injections Reading time: ~10 min Posted by Reino Mostert on 11 March 2025 Categories: Database, Nosql injection, Injection, Nosql goLAPS Reading time: ~3 min Posted by Felipe Molina on 10 March 2025 Categories: Golang, Laps, Sensecon Diving Into AD CS: Exploring Some Common Error Messages Reading time: ~26 min Posted by Jacques Coertze on 07 March 2025 Categories: Active directory, Adcs, Certificates, Internals, Windows, Certificate InvokeADCheck – A PowerShell Module for Assessing Active Directory Reading time: ~5 min Posted by niels.hofland on 06 March 2025 Categories: Active directory, Automation, Powershell, Tool PsExec’ing the right way and why zero trust is mandatory Reading time: ~20 min Posted by aurelien.chalot on 10 February 2025 Categories: Psexec, Sensecon, Tools

Some great research writeups and tool releases hitting the @sensepost.com blog and GitHub the last few days:

13.03.2025 22:55 β€” πŸ‘ 6    πŸ” 3    πŸ’¬ 0    πŸ“Œ 1
SensePost | Diving into ad cs: exploring some common error messages Leaders in Information Security

Attacks against AD CS are de rigueur these days, but sometimes a working attack doesn’t work somewhere else, and the inscrutable error messages are no help. Jacques replicated the most infuriating and explains what’s happening under the hood in this post: sensepost.com/blog/2025/di...

07.03.2025 13:15 β€” πŸ‘ 6    πŸ” 6    πŸ’¬ 0    πŸ“Œ 1
Post image

Want some handy powershell scripts to make your AD auditing life easier, Niels has your back with InvokeADCheck. Includes easy to add module system as well as consistent output and excel exports.

sensepost.com/blog/2025/in...

06.03.2025 12:24 β€” πŸ‘ 5    πŸ” 4    πŸ’¬ 0    πŸ“Œ 0
Post image

@shifttymike.bsky.social will share insights at Insomni’hack 2025 with the talk "The Spy Who Flashed Me: Exploring and defeating physical access control systems".

πŸ”Find the full schedule and register: insomnihack.ch/talks/the-sp...

#INSO25 #Cybersecurity #EthicalHacking #Switzerland

03.03.2025 11:09 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

I noticed a common architecture in some manufactures' desktop software and started poking. Surely others have been here!? Queue a stream of "(lpe|rce) in $vendor" videos spamming @singe.bsky.social πŸ™ƒπŸ˜‚.

I finally reported all of the bugs I found (8 of them) after about a weeks work between things.

24.02.2025 08:45 β€” πŸ‘ 4    πŸ” 2    πŸ’¬ 1    πŸ“Œ 0
To all the Plakkers - Congratulations on your 25th Birthday! Thank you for your continued support and sharing with the community. You have shaped the path for so many and we can’t wait to see what the next 25 years bring. With fondest wishes from BSides Cape Town.

To all the Plakkers - Congratulations on your 25th Birthday! Thank you for your continued support and sharing with the community. You have shaped the path for so many and we can’t wait to see what the next 25 years bring. With fondest wishes from BSides Cape Town.

Post image Post image

SensePost turned 25 today. The founders RT & Charl visited. BSides CPT sent us Orange cupcakes and nice words. Leon got LPE on a driver. Shiftty got to hacking with the new MikroTik. There was an escape room. We collected food for the local animal shelter. I like these people. I like this place.

14.02.2025 18:30 β€” πŸ‘ 7    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0
Post image

Instead of relying on RemCom, what if we had a python client to interact with the latest, Microsoft signed PSExec? In this post AurΓ©lien details how he and the team did exactly this, including a tool, some PSExec internals and detection opportunities!

sensepost.com/blog/2025/ps...

11.02.2025 15:25 β€” πŸ‘ 6    πŸ” 5    πŸ’¬ 0    πŸ“Œ 0

There’s no way I could have predicted that turnout! What a privilege to kick this off, really hope to be back soon :)

11.02.2025 21:14 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

@shifttymike is following 20 prominent accounts