Felipe Molina
@felmoltor.me
Mastodon [email protected]. Now with more #OSCP than the previous version. Working @SensePost.com - Orange Cyberdefense
https://blog.felipemolina.com/
https://blog.felipemolina.com/
I'm still in the learning phase, but I feel pretty proud of my first M42 Nebula shot 🌌. Even taking it with a full moon and in the middle of the city, I got a decent photo.
Next time will be much better 💪🏼
Next time will be much better 💪🏼
February 1, 2026 at 8:08 PM
I'm still in the learning phase, but I feel pretty proud of my first M42 Nebula shot 🌌. Even taking it with a full moon and in the middle of the city, I got a decent photo.
Next time will be much better 💪🏼
Next time will be much better 💪🏼
Reposted by Felipe Molina
an easy way to remember the difference between ssh -L and ssh -R is to try both until it works
January 28, 2026 at 1:28 AM
an easy way to remember the difference between ssh -L and ssh -R is to try both until it works
Reposted by Felipe Molina
I updated that Burp Global Match & Replace plugin to use the Montoya API, be able to target specific Burp tools (or apply globally), extend the rule matching syntax, and give you a view per request and response of the changes.
github.com/singe/burp_g...
github.com/singe/burp_g...
January 26, 2026 at 1:01 PM
I updated that Burp Global Match & Replace plugin to use the Montoya API, be able to target specific Burp tools (or apply globally), extend the rule matching syntax, and give you a view per request and response of the changes.
github.com/singe/burp_g...
github.com/singe/burp_g...
Today I made my first portrait of the sun 🌞
You can even see the sunspots! The focal length of my telescope makes it impossible to take the picture of the whole sun, but I'll get to it soon.
You can even see the sunspots! The focal length of my telescope makes it impossible to take the picture of the whole sun, but I'll get to it soon.
January 23, 2026 at 8:43 PM
Today I made my first portrait of the sun 🌞
You can even see the sunspots! The focal length of my telescope makes it impossible to take the picture of the whole sun, but I'll get to it soon.
You can even see the sunspots! The focal length of my telescope makes it impossible to take the picture of the whole sun, but I'll get to it soon.
Reposted by Felipe Molina
Quick lunch time side quest building a simple lab to play with the inetutils-telnetd authentication bypass as disclosed on oss-sec ₁.
github.com/leonjza/inet...
₁ seclists.org/oss-sec/2026...
github.com/leonjza/inet...
₁ seclists.org/oss-sec/2026...
January 21, 2026 at 11:06 AM
Quick lunch time side quest building a simple lab to play with the inetutils-telnetd authentication bypass as disclosed on oss-sec ₁.
github.com/leonjza/inet...
₁ seclists.org/oss-sec/2026...
github.com/leonjza/inet...
₁ seclists.org/oss-sec/2026...
Yesterday I was able to catch, with my phone, Jupiter transitioning through the lens. A lot of margin for improvement (e.g. motor for the RA axis), but happy with the progress I'm making 🔭
January 20, 2026 at 10:25 AM
Yesterday I was able to catch, with my phone, Jupiter transitioning through the lens. A lot of margin for improvement (e.g. motor for the RA axis), but happy with the progress I'm making 🔭
A few photos I took this weekend 🐶🐦
January 19, 2026 at 9:14 AM
A few photos I took this weekend 🐶🐦
Reposted by Felipe Molina
The number of times people have tried to kill Net-NTLMv1 eh?
youtu.be/lm7Cuktpnb4?...
youtu.be/lm7Cuktpnb4?...
January 16, 2026 at 3:47 AM
The number of times people have tried to kill Net-NTLMv1 eh?
youtu.be/lm7Cuktpnb4?...
youtu.be/lm7Cuktpnb4?...
Uh, really excited to give my new toy a try tonight 📹🔭
January 15, 2026 at 11:45 AM
Uh, really excited to give my new toy a try tonight 📹🔭
I'm getting more and more disappointed with the Internet nowadays, so I made one for myself yesterday.
December 31, 2025 at 10:40 PM
I'm getting more and more disappointed with the Internet nowadays, so I made one for myself yesterday.
Reposted by Felipe Molina
A source shares some screenshots of the Lapsus ransomware gang celebrating the government shutdown as a disruption to the FBI investigations tracking them.
They also refer to Trump as "my king."
They also refer to Trump as "my king."
October 1, 2025 at 3:07 PM
A source shares some screenshots of the Lapsus ransomware gang celebrating the government shutdown as a disruption to the FBI investigations tracking them.
They also refer to Trump as "my king."
They also refer to Trump as "my king."
Maybe it's my fault, but I'm really missing non-US related content in Bluesky. Can we talk about other countries, please?
I don't want to go back to X 😢 🙏🏼
I don't want to go back to X 😢 🙏🏼
September 11, 2025 at 9:22 AM
Maybe it's my fault, but I'm really missing non-US related content in Bluesky. Can we talk about other countries, please?
I don't want to go back to X 😢 🙏🏼
I don't want to go back to X 😢 🙏🏼
Reposted by Felipe Molina
If you're at RomHack at the end of the month, come tell me your @github.com username and I'll give you early access to the @sensepost.com tool repo for PipeTap at the con! 🙃
Below is a demo of the proxy in action.
www.youtube.com/watch?v=or8Y...
Below is a demo of the proxy in action.
www.youtube.com/watch?v=or8Y...
PipeTap WIP Demo
YouTube video by Leon Jacobs
www.youtube.com
September 10, 2025 at 1:41 PM
If you're at RomHack at the end of the month, come tell me your @github.com username and I'll give you early access to the @sensepost.com tool repo for PipeTap at the con! 🙃
Below is a demo of the proxy in action.
www.youtube.com/watch?v=or8Y...
Below is a demo of the proxy in action.
www.youtube.com/watch?v=or8Y...
Reposted by Felipe Molina
I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, its been super useful in reversing it's fairly complex protocol. :)
September 10, 2025 at 1:41 PM
I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, its been super useful in reversing it's fairly complex protocol. :)
Reposted by Felipe Molina
One of the pools in the Alhambra Palace complex in Granada.... had to be this one for #PalacesandGardens #Water #photography #dailyphoto #travel #Spain
September 4, 2025 at 8:23 PM
One of the pools in the Alhambra Palace complex in Granada.... had to be this one for #PalacesandGardens #Water #photography #dailyphoto #travel #Spain
Reposted by Felipe Molina
Reverse engineering Microsoft’s SQLCMD.exe to implement Channel Binding support for MSSQL into Impacket’s mssqlclient.py. Storytime from Aurelien (@Defte_ on the bird site), including instructions for reproducing the test environment yourself.
sensepost.com/blog/2025/a-...
sensepost.com/blog/2025/a-...
July 31, 2025 at 4:19 PM
Reverse engineering Microsoft’s SQLCMD.exe to implement Channel Binding support for MSSQL into Impacket’s mssqlclient.py. Storytime from Aurelien (@Defte_ on the bird site), including instructions for reproducing the test environment yourself.
sensepost.com/blog/2025/a-...
sensepost.com/blog/2025/a-...
Reposted by Felipe Molina
From June 2025 through July 2025, the Cloudflare Email Security team has been tracking a cluster of cybercriminal threat activity leveraging Proofpoint and Intermedia link wrapping to mask phishing payloads. Read more: cfl.re/4lUXBEE
Attackers abusing Proofpoint & Intermedia link wrapping to deliver phishing payloads
Attackers are exploiting Proofpoint and Intermedia link wrapping to mask phishing payloads.
cfl.re
July 30, 2025 at 1:54 PM
From June 2025 through July 2025, the Cloudflare Email Security team has been tracking a cluster of cybercriminal threat activity leveraging Proofpoint and Intermedia link wrapping to mask phishing payloads. Read more: cfl.re/4lUXBEE
Reposted by Felipe Molina
There's an ongoing npm supply chain attack taking place:
socket.dev/blog/npm-phi...
x.com/AikidoSecuri...
socket.dev/blog/npm-phi...
x.com/AikidoSecuri...
Active Supply Chain Attack: npm Phishing Campaign Leads to P...
Popular npm packages like eslint-config-prettier were compromised after a phishing attack stole a maintainer’s token, spreading malicious updates.
socket.dev
July 19, 2025 at 11:53 AM
There's an ongoing npm supply chain attack taking place:
socket.dev/blog/npm-phi...
x.com/AikidoSecuri...
socket.dev/blog/npm-phi...
x.com/AikidoSecuri...
I've created a pull request to detect CitrixBleed 2 into Burp's Bcheck repository: github.com/PortSwigger/...
CVE-2025-5777 - CitrixBleed 2 by felmoltor · Pull Request #253 · PortSwigger/BChecks
BCheck Contributions
BCheck compiles and executes as expected
BCheck contains appropriate metadata (name, version, author, description and appropriate tags)
Only .bcheck files have been added o...
github.com
July 17, 2025 at 6:37 AM
I've created a pull request to detect CitrixBleed 2 into Burp's Bcheck repository: github.com/PortSwigger/...
I wrote a tool to detect orphan scripts at a scale using Scrapy as its foundation: JsJack.
Finding vulnerabilities in high-volume traffic sites was more challenging than I initially expected, but I learned many other things from this experience: blog.felipemolina.com/posts/jsjack/
Finding vulnerabilities in high-volume traffic sites was more challenging than I initially expected, but I learned many other things from this experience: blog.felipemolina.com/posts/jsjack/
JsJack
A tool to find orphan scrips and two interesting cases
blog.felipemolina.com
July 14, 2025 at 11:15 AM
I wrote a tool to detect orphan scripts at a scale using Scrapy as its foundation: JsJack.
Finding vulnerabilities in high-volume traffic sites was more challenging than I initially expected, but I learned many other things from this experience: blog.felipemolina.com/posts/jsjack/
Finding vulnerabilities in high-volume traffic sites was more challenging than I initially expected, but I learned many other things from this experience: blog.felipemolina.com/posts/jsjack/
Reposted by Felipe Molina
Oh neato, a 13 year-old vuln in
(checks notes)
all US trains that allowed anyone to control the brakes?
Cool cool cool.
(checks notes)
all US trains that allowed anyone to control the brakes?
Cool cool cool.
Security vulnerability on U.S. trains that let anyone activate the brakes on the rear car was known for 13 years — operators refused to fix the issue until now
Wireless hardware to seriously disrupt rail transport costs less than $500.
www.tomshardware.com
July 14, 2025 at 4:10 AM
Oh neato, a 13 year-old vuln in
(checks notes)
all US trains that allowed anyone to control the brakes?
Cool cool cool.
(checks notes)
all US trains that allowed anyone to control the brakes?
Cool cool cool.
Reposted by Felipe Molina
Well, a single week was enough to provide a convincing case that a Wikipedia equivalent for LLMs is necessary i.e. decentralized LLM training and serving
July 10, 2025 at 10:28 PM
Well, a single week was enough to provide a convincing case that a Wikipedia equivalent for LLMs is necessary i.e. decentralized LLM training and serving
Reposted by Felipe Molina
Y luego tenemos a unos cuantos gurús educativos proponiendo que el alumnado "le pregunte las dudas" a ChatGPT...
Well, a single week was enough to provide a convincing case that a Wikipedia equivalent for LLMs is necessary i.e. decentralized LLM training and serving
July 11, 2025 at 6:26 AM
Y luego tenemos a unos cuantos gurús educativos proponiendo que el alumnado "le pregunte las dudas" a ChatGPT...
Reposted by Felipe Molina
These arrests are the definition of "don't shit where you eat"
UK police arrest four people, a 20-year-old woman and three men age 17 to 19, in relation to the M&S and Co-op hacks, which started in April and caused havoc (Joe Tidy/BBC)
Main Link | Techmeme Permalink
Main Link | Techmeme Permalink
July 10, 2025 at 12:14 PM
These arrests are the definition of "don't shit where you eat"
Reposted by Felipe Molina
The finding was for "JWT weak HMAC secret" and it said the secret was literal "secret"
A range of emotions pushed me in various directions at once. What? no.!? yes!!!!!!! let's verify...
A range of emotions pushed me in various directions at once. What? no.!? yes!!!!!!! let's verify...
May 10, 2025 at 7:27 PM
The finding was for "JWT weak HMAC secret" and it said the secret was literal "secret"
A range of emotions pushed me in various directions at once. What? no.!? yes!!!!!!! let's verify...
A range of emotions pushed me in various directions at once. What? no.!? yes!!!!!!! let's verify...