
💥 leonjza

@leonjza.bsky.social

[ 'cto @sensepost.com', '@orangecyberdef', 'caffeine fueled', '(╯°□°)╯︵ ┻━┻', 'security guy', 'metalhead', 'i saw your password', 'KOOBo+KXleKAv+KXlSnjgaM=' ]

445 Followers  |  146 Following  |  91 Posts  |  Joined: 25.05.2023  |  1.635

Latest posts by leonjza.bsky.social on Bluesky

Last Week in Security (LWiS) - 2026-02-09

"Negative-day" discovery (@spaceraccoonsec), Exploit gen with LLMs (@seanhn), Harmony LPE (@johnnyspandex + @buffaloverflow), NetSupport Manager RCE (@0xor_solo), Azure blob C2 (@KingOfTheNOPs + @senderend) and more!

blog.badsectorlabs.com/last-week-in...

10.02.2026 19:26 — 👍 0    🔁 1    💬 0    📌 0

No one asked for this, but I'm trying to get more comfortable with qemu as a whole which has resulted in this overly fancy Qemu Machine Protocol (QMP) socket client, complete with dynamic schema parsing, event subscriptions and tab completion, because why not :P

28.01.2026 22:47 — 👍 1    🔁 1    💬 0    📌 0
A codex session with a message: "Applying patch carefully".


Thank you for applying the patch carefully.

28.01.2026 17:24 — 👍 1    🔁 0    💬 0    📌 0

an easy way to remember the difference between ssh -L and ssh -R is to try both until it works

28.01.2026 01:28 — 👍 180    🔁 14    💬 13    📌 0
PoC authentication bypass for telnetd.


Quick lunch time side quest building a simple lab to play with the inetutils-telnetd authentication bypass as disclosed on oss-sec ₁.

github.com/leonjza/inet...

₁ seclists.org/oss-sec/2026...

21.01.2026 11:05 — 👍 4    🔁 3    💬 0    📌 0

Really excited to present this Frida training @1ns0mn1h4ck.bsky.social with @ipmegladon.bsky.social and myself! If you've dabbled with Frida before, but want a practical learning opportunity to improve your usage and understanding, this one is for you!

19.01.2026 09:09 — 👍 3    🔁 3    💬 0    📌 0

We are excited to announce the CFP for the next tmp.0ut Volume 5!

tmpout.sh/blog/vol5-cf...

14.01.2026 09:02 — 👍 31    🔁 18    💬 0    📌 0

It's a nice feeling wrapping up some research! :D

08.12.2025 06:23 — 👍 2    🔁 0    💬 0    📌 0

Two blog posts just dropped - one with the details on the bloatware pwning shenanigans I was up to earlier in the year, and another on pipetap, a new Windows named pipe proxy/tool.

sensepost.com/blog/2025/pw...

sensepost.com/blog/2025/pi...

07.12.2025 07:01 — 👍 3    🔁 2    💬 0    📌 0

It’s almost time for my @BSidesCapeTown talk, and I’ve just open sourced pipetap. My Windows named pipe proxy & multi-tool. Excited to see what you do with it!

github.com/sensepost/pi...

06.12.2025 13:56 — 👍 12    🔁 4    💬 0    📌 1

Honestly excited for this year's BSides Cape Town with fellow hackers and the @sensepost.com crew! See you soon Cape Town!

05.12.2025 09:57 — 👍 1    🔁 0    💬 0    📌 0

[BLOG]
This update solved a big issue I had with merging raw assembly into PIC. I cover the new linkfunc command and the updated addhook command.
rastamouse.me/pic-symphony/

01.12.2025 20:12 — 👍 3    🔁 2    💬 0    📌 0
GitHub - pard0p/LibPicoManager: LibPicoManager is a unified PICO management framework that provides centralized control over Position Independent Code Objects in shared memory, enabling dynamic code l... LibPicoManager is a unified PICO management framework that provides centralized control over Position Independent Code Objects in shared memory, enabling dynamic code loading, runtime PICO substitu...

LibPicoManager is a unified PICO management framework that provides centralized control over PICOs in memory, enabling dynamic code loading, runtime PICO substitution, and advanced evasion techniques like sleep masking through a single RWX code block.

github.com/pard0p/LibPi...

01.12.2025 23:24 — 👍 3    🔁 3    💬 0    📌 0

Where I'm going with this: we're in research territory. We may find patterns that just make sense as the way to tackle certain problems/architectural needs. And, in some cases, tightly coupling things may be the right answer.

Always keep the task/problem first, make elegance a lower priority aim.

02.12.2025 03:48 — 👍 2    🔁 1    💬 0    📌 0

🎟️ Early Bird tickets for Insomni'hack 2026 are live!

Join us in Switzerland for talks, CTF and networking with industry leaders.

Don’t miss out! Secure your spot now: https://ow.ly/iKes50XzTj3

#INSO26 #Cybersecurity #EthicalHacking #Event

01.12.2025 10:25 — 👍 3    🔁 2    💬 0    📌 0
Red Team Ops II Gain the knowledge and skills necessary to operate against advanced defences.

The new version of RTO II is finally available to purchase.
www.zeropointsecurity.co.uk/course/red-t...

28.11.2025 14:30 — 👍 11    🔁 8    💬 1    📌 1
Release 1.12.0 · sensepost/objection The, wow, finally, a release release! 😂 Honestly, there has been so much that has changed, and it's hard to thank and attribute to everyone that has contributed. To that end, thank you for your con...

We've been waiting 5 years for this: objection has been updated to 1.12.x with Frida17+ support. Thank you so much @leonjza.bsky.social and everyone who contributed!

github.com/sensepost/ob...

Thanks to @ipmegladon.bsky.social for updating the MASTG accordingly (OWASP/mastg/pull/3378)

21.11.2025 12:30 — 👍 3    🔁 3    💬 0    📌 0

I know it took long, and there is work to do, but I'm excited for getting back on track.

21.11.2025 15:50 — 👍 1    🔁 0    💬 0    📌 0
Getting Started - PyPI Docs

We changed two big things today.

1. Packaging is now using uv. While you can still pip install objection, you can now also run it with: uv run --with objection
2. Pushing updates to PyPi now happens on git tag, using trusted publishing: docs.pypi.org/trusted-publ....

21.11.2025 15:50 — 👍 0    🔁 0    💬 1    📌 0
Getting Started - PyPI Docs

Apart from all of the epic effort @ipmegladon.bsky.social and other contributors have put in, I'm really happy with the new CI. Manual pypi releases are no longer needed and we can finally move fast again with tagging which is huge.

21.11.2025 15:50 — 👍 1    🔁 0    💬 1    📌 0

It's... been a while since the last objection release got tagged. We finally landed a 1.12 release today which also means pypi is up to date again, and for the foreseeable future! Work never really stopped, and plenty of bug fixes are included. More in 🧵

github.com/sensepost/ob...

21.11.2025 15:50 — 👍 3    🔁 3    💬 1    📌 0
GitHub - singe/domain-probe: A utility to find identically configured domains and web-servers based on a pattern. Used to find phishing kits. A utility to find identically configured domains and web-servers based on a pattern. Used to find phishing kits. - singe/domain-probe

Made this last night, it’s useful for finding a large number of domains hosting phishing kits or malware based on a consistent pattern github.com/singe/domain-p… Might be useful for some of you.

20.11.2025 06:22 — 👍 6    🔁 4    💬 0    📌 0

Need to open doors from the outside without touching anything? Turns out that's possible with no touch sensors as @shifttymike.bsky.social details in his latest blog post.

sensepost.com/blog/2025/no...

19.11.2025 13:29 — 👍 4    🔁 2    💬 0    📌 0

The new kids use uv, so:

uv run raw.githubusercontent.com/sensepost/CV... !

18.11.2025 17:11 — 👍 2    🔁 1    💬 0    📌 0
Release 3.1.0 · sensepost/gowitness A new release, this time focussing on performance and various bug fixes! Thanks to all of the contributors! Enjoy! 🎉 New Refactor the chromedp driver, focussing on performance. The new implementat...

Landed a new gowitness release, this time focussing on performance! 🎉 v3.1.0

github.com/sensepost/go...

17.11.2025 19:31 — 👍 2    🔁 2    💬 0    📌 0
Tradecraft Engineering with Aspect-Oriented Programming It’s 2025 and apparently, I’m still a Java programmer. One of the things I never liked about Java’s culture, going back many years ago, was the tendency to hype frameworks that seemed to over-engin…

Tradecraft Engineering with Aspect-Oriented Programming

@rastamouse.me pretty much predicted what was coming in his last blog post. attach (Win32 APIs), redirect (local funcs), capability right-sized IAT hooks, and PICO function exports.

Yes, attach can incept its PIC.

aff-wg.org/2025/11/10/t...

10.11.2025 18:21 — 👍 10    🔁 9    💬 0    📌 1
GitHub - rasta-mouse/Crystal-Loaders: A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike - rasta-mouse/Crystal-Loaders

I've also updated Crystal Loaders to benefit from some of the new CP features github.com/rasta-mouse/...

29.10.2025 17:39 — 👍 2    🔁 2    💬 0    📌 0
ATT&CK v18: Detection Strategies, More Adversary Insights, ATT&CK v18 is released with new Detection Strategies, Analytics, and revamped Data Components!

ATT&CK v18 is now out! Today marks the release of Detection Strategies, where we've moved from single-sentence notes to structured, behavior-focused strategies across the board. A new blog post describes the changes medium.com/mitre-attack... with details at attack.mitre.org/resources/up....

28.10.2025 14:56 — 👍 9    🔁 5    💬 0    📌 2
Three terminals stack on top of each other. The top is running hub.pl on the host. The middle is running pool.pl on the “hacker” server. And the bottom shows a connection from the host through the hacked server to a target server over SOCKS.


Just added SOCKS support to this reverse tunnelling tool github.com/singe/contun...

28.10.2025 14:58 — 👍 2    🔁 1    💬 0    📌 0
GitHub - singe/contun.pl: A concurrent listen:listen connect:connect tunnelling solution written in Perl A concurrent listen:listen connect:connect tunnelling solution written in Perl - singe/contun.pl

github.com/singe/contun.p… this was a fun nerd snipe - how do you build a listen:listen connect:connect reverse tunnel that can handle concurrent connections when you only have Perl.

27.10.2025 19:00 — 👍 2    🔁 1    💬 0    📌 0

@leonjza is following 20 prominent accounts