Our Blog

your contributions, today

Reading time: ~1 min
Posted by Leon Jacobs on 20 December 2023
Categories: 0xcon, 2023, Contributions, Keynote, Talks
Keynoting 0xcon in Johannesburg this year, I had the immense privilege of talking and sharing ideas about something that is...

Why defend harder won’t work in the long run and what to do instead – arrest criminals

Reading time: ~1 min
Posted by Dominic White on 12 December 2023
Categories: Defence, Talks, Bsides, Cape town, Keynote, Law enforcement, Strategy, Talk
The whole of information/cyber security is founded on the idea that we can defend ourselves into security. But in the...

we’re going to bsides cape town 2023

Reading time: ~3 min
Posted by Leon Jacobs on 28 November 2023
Categories: Bsides, Conferences
Arguably one of the largest hacking conferences in South Africa, BSides Cape Town 2023 is around the corner and the...

Black Hat Card Deck CTF

Reading time: ~8 min
Posted by Jason Spencer on 31 October 2023
Categories: Ctf, Training
In 2023 we, the training team within Orange Cyberdefense and specifically Ulrich Swart, Matthew Hughes and myself, attempted to do...

P4wnP1 LTE updates

Reading time: ~11 min
Posted by Rogan Dawes on 27 October 2023
Categories: Hardware, Physical threats, Redteam
After publishing my blog post about running P4wnP1 on an LTE modem, where I explained how to install Linux and...

Reading Large Files and Perf

Reading time: ~4 min
Posted by Dominic White on 19 September 2023
Categories: Code, Experiment, Perf, Rust, Performance
One of the things that has often confused me is how little good advice there is for reading large files...

Dress Code – The Talk

Reading time: ~33 min
Posted by Felipe Molina on 23 August 2023
Categories: Bypass, Csp, Talks, Webapps
TL;DR This post is a summary of the contents of my talk in Defcon 31 AppSec Village last August 2023,...

Filter-Mute Operation: Investigating EDR Internal Communication

Reading time: ~21 min
Posted by jeanpascal.thomas@orangecyberdefense.com on 28 July 2023
Categories: Edr, Kernel, Reversing, Windows, Av bypass, Reverse engineering
For our annual internal hacker conference dubbed SenseCon in 2023, I decided to take a look at communication between a...

Orange Cyberdefense at Hacker Summer Camp

Reading time: ~3 min
Posted by Szymon Ziolkowski on 17 July 2023
Categories: Blackhat, Defcon, Ringzer0, Training
It’s that time of year again where we head out to the desert, more specifically Las Vegas, for what is...

Browsers’ cache smuggling

Reading time: ~13 min
Posted by aurelien.chalot@orangecyberdefense.com on 10 July 2023
Categories: Browser, Cache, Redteam, Smuggling
On red team engagements, I often use social engineering to get one of my client’s employees to run my malicious...

P4wnP1-LTE

Reading time: ~12 min
Posted by Rogan Dawes on 09 July 2023
Categories: Hardware, Physical threats, Redteam
I’ve written a couple of blog posts in the past in which I explain how to use Marcus Mengs’ truly...

select * from projectdiscovery join steampipe

Reading time: ~4 min
Posted by Leon Jacobs on 03 July 2023
Categories: Bug bountry, Footprinting, Steampipe, Bugbounty
Recently, I decided to take a look at Steampipe again. I like SQL and the structure it provides, and after...

an offensive look at docker desktop extensions

Reading time: ~39 min
Posted by Leon Jacobs on 30 May 2023
Categories: Containers, Docker, Command injection, Extensions, Sensecon
For our annual internal hacker conference dubbed SenseCon in 2023, I decided to take a quick look at Docker Desktop...

Investigating the Wink Hub 2

Reading time: ~15 min
Posted by Rogan Dawes on 26 May 2023
Categories: Hardware, Sensecon, Teardown
Rogan brought half of his hardware parts bin to the hackathon! Michael Rodger, Daniel Scragg, Isak van der Walt, Thulani...

hash-cracker – password cracking done effectively

Reading time: ~18 min
Posted by Bart van Bodegom on 05 April 2023
Categories: Hashcat, Knowledge-base, Tools, Hash-cracking
Intro I wrote a tool to help with cracking of hashes, today I finally decided to blog about it. The...

Protected Users: you thought you were safe uh?

Reading time: ~10 min
Posted by aurelien.chalot@orangecyberdefense.com on 31 March 2023
Categories: Kerberos, Ntlm, Windows, Delegation, Protected users
On the 31st of October 2022, a PR on CrackMapExec from Thomas Seigneuret (@Zblurx) was merged. This PR fixed Kerberos...

From BitLocker-Suspended to Virtual Machine

Reading time: ~6 min
Posted by Reino Mostert on 28 March 2023
Categories: Bitlocker, Clone, Virtualisation
On a recent red-team I was given a client laptop from which I was expected to simulate an insider-threat/employee laptop...

Decoding BlazorPack

Reading time: ~14 min
Posted by Rogan Dawes on 22 February 2023
Categories: Mallet, Webapps, Websockets
TL;DR: I couldn’t make a custom BlazorPack editor work in Burp, so I used Mallet instead. From an indecipherable binary...

Jumping into SOCKS

Reading time: ~30 min
Posted by Jacques Coertze on 24 January 2023
Categories: Post-exploitation, Research, Tool, Socks
On a recent internal assessment, we ran into a problem. While holding low-privileged access to an internal Windows host, we...