banner
LightNews
felmoltor.me
Felipe Molina
@felmoltor.me
91 followers 210 following 68 posts
Mastodon [email protected]. Now with more #OSCP than the previous version. Working @SensePost.com - Orange Cyberdefense https://blog.felipemolina.com/
blog.felipemolina.com
Posts Media Videos Starter Packs
Reposted by Felipe Molina
agreenberg.bsky.social
Andy Greenberg @agreenberg.bsky.social · 12d
A source shares some screenshots of the Lapsus ransomware gang celebrating the government shutdown as a disruption to the FBI investigations tracking them.

They also refer to Trump as "my king."
2 22 33
felmoltor.me
Felipe Molina @felmoltor.me · Sep 11
Eso no se olvida nunca, lo llevo como el tatuaje de la mili de "Amor de GPO"
1
felmoltor.me
Felipe Molina @felmoltor.me · Sep 11
Gracias! Me va a venir genial esa lista para desconectar un poco del contenido americano.
Joder, no consigo recordar ese diagrama de Venn! Pero tampoco me acuerdo de lo que comí ayer, así que...
1 1
felmoltor.me
Felipe Molina @felmoltor.me · Sep 11
Yeah, probably it's my fault (my follow list), combined with the insufficient user base of other countries here, and, probably, the algorithm used in the "Discovery" tab.
1 1
felmoltor.me
Felipe Molina @felmoltor.me · Sep 11
Maybe it's my fault, but I'm really missing non-US related content in Bluesky. Can we talk about other countries, please?
I don't want to go back to X 😢 🙏🏼
1 2
Reposted by Felipe Molina
leonjza.bsky.social
💥 leonjza @leonjza.bsky.social · Sep 10
If you're at RomHack at the end of the month, come tell me your @github.com username and I'll give you early access to the @sensepost.com tool repo for PipeTap at the con! 🙃

Below is a demo of the proxy in action.

www.youtube.com/watch?v=or8Y...
PipeTap WIP Demo
YouTube video by Leon Jacobs
www.youtube.com
1 2 2
Reposted by Felipe Molina
leonjza.bsky.social
💥 leonjza @leonjza.bsky.social · Sep 10
I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, its been super useful in reversing it's fairly complex protocol. :)
The proxy view for PipeTap, a Windows Named Pipe Analysis Tool
2 7 7
Reposted by Felipe Molina
nfknanna.bsky.social
Nfknanna @nfknanna.bsky.social · Sep 4
One of the pools in the Alhambra Palace complex in Granada.... had to be this one for #PalacesandGardens #Water #photography #dailyphoto #travel #Spain
Three sides of a sand-coloured building surrounding a rectangular pool. The pool is edged by a low hedge and the water reflects the surrounding buildings and the blue sky above. In the foreground water trickles down into the pool from a smaller circular stone pool. The building at the far end has a carved, arched verandah and sits below a square tower. People stroll along the sides of the building.
1 2 26
Reposted by Felipe Molina
sensepost.com
SensePost @sensepost.com · Jul 31
Reverse engineering Microsoft’s SQLCMD.exe to implement Channel Binding support for MSSQL into Impacket’s mssqlclient.py. Storytime from Aurelien (@Defte_ on the bird site), including instructions for reproducing the test environment yourself.

sensepost.com/blog/2025/a-...
A screenshot of two windows. The top is a view of the Microsoft SQL management GUI showing that “Extended Protection” is enabled for NTLM authentication. The bottom is a terminal showing an invocation of Impacket’s mssqlclient.py successfully connecting using channel binding.
6 10
Reposted by Felipe Molina
cloudflare.social
Cloudflare @cloudflare.social · Jul 30
From June 2025 through July 2025, the Cloudflare Email Security team has been tracking a cluster of cybercriminal threat activity leveraging Proofpoint and Intermedia link wrapping to mask phishing payloads. Read more: cfl.re/4lUXBEE
Attackers abusing Proofpoint & Intermedia link wrapping to deliver phishing payloads
Attackers are exploiting Proofpoint and Intermedia link wrapping to mask phishing payloads.
cfl.re
2 8
Reposted by Felipe Molina
campuscodi.risky.biz
Catalin Cimpanu @campuscodi.risky.biz · Jul 19
There's an ongoing npm supply chain attack taking place:

socket.dev/blog/npm-phi...

x.com/AikidoSecuri...
Active Supply Chain Attack: npm Phishing Campaign Leads to P...
Popular npm packages like eslint-config-prettier were compromised after a phishing attack stole a maintainer’s token, spreading malicious updates.
socket.dev
10 23
felmoltor.me
Felipe Molina @felmoltor.me · Jul 17
The bcheck is here, ping me if you have comments or improvement suggestions: github.com/felmoltor/BC...
BChecks/vulnerabilities-CVEd/CVE-2025-5777 - CitrixBleed 2.bcheck at main · felmoltor/BChecks
BChecks collection for Burp Suite Professional and Burp Suite DAST - felmoltor/BChecks
github.com
felmoltor.me
Felipe Molina @felmoltor.me · Jul 17
I've created a pull request to detect CitrixBleed 2 into Burp's Bcheck repository: github.com/PortSwigger/...
CVE-2025-5777 - CitrixBleed 2 by felmoltor · Pull Request #253 · PortSwigger/BChecks
BCheck Contributions BCheck compiles and executes as expected BCheck contains appropriate metadata (name, version, author, description and appropriate tags) Only .bcheck files have been added o...
github.com
1
felmoltor.me
Felipe Molina @felmoltor.me · Jul 14
I wrote a tool to detect orphan scripts at a scale using Scrapy as its foundation: JsJack.

Finding vulnerabilities in high-volume traffic sites was more challenging than I initially expected, but I learned many other things from this experience: blog.felipemolina.com/posts/jsjack/
JsJack
A tool to find orphan scrips and two interesting cases
blog.felipemolina.com
Reposted by Felipe Molina
taggart-tech.com
Taggart @taggart-tech.com · Jul 14
Oh neato, a 13 year-old vuln in

(checks notes)

all US trains that allowed anyone to control the brakes?

Cool cool cool.
Security vulnerability on U.S. trains that let anyone activate the brakes on the rear car was known for 13 years — operators refused to fix the issue until now
Wireless hardware to seriously disrupt rail transport costs less than $500.
www.tomshardware.com
3 12 24
Reposted by Felipe Molina
eugenevinitsky.bsky.social
Eugene Vinitsky 🍒 @eugenevinitsky.bsky.social · Jul 10
Well, a single week was enough to provide a convincing case that a Wikipedia equivalent for LLMs is necessary i.e. decentralized LLM training and serving
asking grok 4 for its opinions on israel palestine it first searches to see what Elon musk thinks
4 17 100
Reposted by Felipe Molina
fernandoblancopsy.com
Fernando Blanco 🦋 🏳️‍🌈 🏳️‍⚧️ @fernandoblancopsy.com · Jul 11
Y luego tenemos a unos cuantos gurús educativos proponiendo que el alumnado "le pregunte las dudas" a ChatGPT...
eugenevinitsky.bsky.social
Eugene Vinitsky 🍒 @eugenevinitsky.bsky.social · Jul 10
Well, a single week was enough to provide a convincing case that a Wikipedia equivalent for LLMs is necessary i.e. decentralized LLM training and serving
asking grok 4 for its opinions on israel palestine it first searches to see what Elon musk thinks
2 7 14
Reposted by Felipe Molina
campuscodi.risky.biz
Catalin Cimpanu @campuscodi.risky.biz · Jul 10
These arrests are the definition of "don't shit where you eat"
techmeme.com
Techmeme @techmeme.com · Jul 10
UK police arrest four people, a 20-year-old woman and three men age 17 to 19, in relation to the M&S and Co-op hacks, which started in April and caused havoc (Joe Tidy/BBC)

Main Link | Techmeme Permalink
1 1 12
Reposted by Felipe Molina
evilpacket.net
Adam Baldwin @evilpacket.net · May 10
The finding was for "JWT weak HMAC secret" and it said the secret was literal "secret"

A range of emotions pushed me in various directions at once. What? no.!? yes!!!!!!! let's verify...
1 1 5
felmoltor.me
Felipe Molina @felmoltor.me · Jun 18
Anyway, the BTC address is 17vv2jEQBbPbzfBaWMJGXJd6EPrsvjt34J and the guy is [email protected]. In case you want to phish the guy 🎣
1
felmoltor.me
Felipe Molina @felmoltor.me · Jun 18
All hail the stupid king! Me! 🤴
In 2024 forgot that I was running a Mongo Express in a docker container without authentication (AS IT WAS ONLY INTERNALLY EXPOSED). Later, I randomly did some tests with Nginx to expose port 8081 and forgot about it... Fast forward to June 2025:
1
felmoltor.me
Felipe Molina @felmoltor.me · Jun 13
If this is true, this is the best news I've read this week! Excited to activate my nostalgia mode with Spaceballs 2! www.ign.com/articles/spa...
Spaceballs 2 Will See Rick Moranis Return as Dark Helmet as Mel Brooks Sequel Trailer Plots a Course for 2027 - IGN
Moviemaking icon Mel Brooks and Amazon MGM Studios have published a special trailer to announce that Spaceballs 2 is moving full steam ahead with plans to premiere in 2027.
www.ign.com
felmoltor.me
Felipe Molina @felmoltor.me · Jun 13
I programmed some time ago a crawler with Scrapy to detect orphan JavaScript scripts in target domains. I think I'll release that tool soon ☺️
Reposted by Felipe Molina
itm4n.bsky.social
Clément Labro @itm4n.bsky.social · Jun 11
🆕 New blog post!

"Checking for Symantec Account Connectivity Credentials (ACCs) with PrivescCheck"

This blog post is not so much about PrivescCheck, but rather brings additional insight to the original article published by MDSec on the subject.

👉 itm4n.github.io/checking-sym...

#redteam
Sample output of PrivescCheck showing the information collected about the Symantec Management Agent (SMA).
4 8
felmoltor.me
Felipe Molina @felmoltor.me · Jun 11
I was talking with someone about dependency confusion and suply chain attacks and I was confused myself with the feasibility of doing this in 2025, so I decided to take a practical aproach and create my own tool 🔨 to detect Orphan and Mispelled packages 📦: sensepost.com/blog/2025/de...
SensePost | Depscanner: find orphaned packages before the bad guys do
Leaders in Information Security
sensepost.com
3 5