💥 leonjza
@leonjza.bsky.social
[ 'cto @sensepost.com', '@orangecyberdef', 'caffeine fueled', '(╯°□°)╯︵ ┻━┻', 'security guy', 'metalhead', 'i saw your password', 'KOOBo+KXleKAv+KXlSnjgaM=' ]
Pinned
Slides for our talk "TTP Emulation in(2024)" that I did with Wrath_ZA@x at 0xcon_jhb@x are now available here!

In this talk we covered a purple teaming approach that leverages custom payload development to maximise red&blue collaboration. Check it out!

github.com/leonjza/publ...
Reposted by 💥 leonjza
We've been waiting 5 years for this: objection has been updated to 1.12.x with Frida17+ support. Thank you so much @leonjza.bsky.social and everyone who contributed!

github.com/sensepost/ob...

Thanks to @ipmegladon.bsky.social for updating the MASTG accordingly (OWASP/mastg/pull/3378)
Release 1.12.0 · sensepost/objection
The, wow, finally, a release release! 😂 Honestly, there has been so much that has changed, and it's hard to thank and attribute to everyone that has contributed. To that end, thank you for your con...
November 21, 2025 at 12:30 PM
It's... been a while since the last objection release got tagged. We finally landed a 1.12 release today which also means pypi is up to date again, and for the foreseeable future! Work never really stopped, and plenty of bug fixes are included. More in 🧵

github.com/sensepost/ob...
November 21, 2025 at 3:50 PM
Reposted by 💥 leonjza
Made this last night, it’s useful for finding a large number of domains hosting phishing kits or malware based on a consistent pattern github.com/singe/domain-p… Might be useful for some of you.
GitHub - singe/domain-probe: A utility to find identically configured domains and web-servers based on a pattern. Used to find phishing kits.
November 20, 2025 at 6:22 AM
Reposted by 💥 leonjza
Need to open doors from the outside without touching anything? Turns out that's possible with no touch sensors as @shifttymike.bsky.social details in his latest blog post.

sensepost.com/blog/2025/no...
November 19, 2025 at 1:29 PM
Landed a new gowitness release, this time focussing on performance! 🎉 v3.1.0

github.com/sensepost/go...
Release 3.1.0 · sensepost/gowitness
A new release, this time focussing on performance and various bug fixes! Thanks to all of the contributors! Enjoy! 🎉 New Refactor the chromedp driver, focussing on performance. The new implementat...
November 17, 2025 at 7:31 PM
Reposted by 💥 leonjza
Tradecraft Engineering with Aspect-Oriented Programming

@rastamouse.me pretty much predicted what was coming in his last blog post. attach (Win32 APIs), redirect (local funcs), capability right-sized IAT hooks, and PICO function exports.

Yes, attach can incept its PIC.

aff-wg.org/2025/11/10/t...
It’s 2025 and apparently, I’m still a Java programmer. One of the things I never liked about Java’s culture, going back many years ago, was the tendency to hype frameworks that seemed to over-engin…
November 10, 2025 at 6:21 PM
Reposted by 💥 leonjza
I've also updated Crystal Loaders to benefit from some of the new CP features github.com/rasta-mouse/...
GitHub - rasta-mouse/Crystal-Loaders: A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
October 29, 2025 at 5:39 PM
Reposted by 💥 leonjza
ATT&CK v18 is now out! Today marks the release of Detection Strategies, where we've moved from single-sentence notes to structured, behavior-focused strategies across the board. A new blog post describes the changes medium.com/mitre-attack... with details at attack.mitre.org/resources/up....
ATT&CK v18: Detection Strategies, More Adversary Insights,
ATT&CK v18 is released with new Detection Strategies, Analytics, and revamped Data Components!
October 28, 2025 at 2:56 PM
Reposted by 💥 leonjza
Just added SOCKS support to this reverse tunnelling tool github.com/singe/contun...
October 28, 2025 at 2:58 PM
Reposted by 💥 leonjza
github.com/singe/contun.p… this was a fun nerd snipe - how do you build a listen:listen connect:connect reverse tunnel that can handle concurrent connections when you only have Perl.
GitHub - singe/contun.pl: A concurrent listen:listen connect:connect tunnelling solution written in Perl
October 27, 2025 at 7:00 PM
Reposted by 💥 leonjza
🚀 Insomni’hack 2026 is coming!

🗓️ March 16-20 @ SwissTech, Lausanne

Mon-Wed: Workshops | Thu-Fri: Talks | Fri-Sat: CTF

👉 More details soon: https://ow.ly/S3uv50XgSuS

🔔 Save the dates & stay tuned!

#INSO26 #cybersecurity #CTF #event #Lausanne
October 23, 2025 at 1:30 PM
Reposted by 💥 leonjza
Working on a new PICO! This one is an in-memory CLR hoster that uses the same technique as execute-assembly/donut to invoke a .NET assembly without touching the disk.
October 16, 2025 at 8:54 AM
Reposted by 💥 leonjza
📢Insomni'hack Call for Paper is now open!

The CFP 2026 is now accepting submissions.

Want to speak, lead a workshop, or present a case study? We want to hear from you!

🔗 Submit: https://ow.ly/nNov50Xbylu

#InsomniHack #CFP #Cybersecurity #Infosec #TechTalks
October 15, 2025 at 9:07 AM
Reposted by 💥 leonjza
pagedout.institute ← we've just released Paged Out! zine Issue #7
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!

Please please please share to spread the news - thank you!
October 4, 2025 at 10:39 AM
Romhack was absolute 🔥! The conference, the community, the vibe - all of it was just something else. Special mention to merlos1977@x and the CybersaiyanIT@x team for making the speaking experience excellent too. 🙃
September 28, 2025 at 6:41 AM
🇮🇹👋
September 20, 2025 at 12:34 PM
Soon™

Private invites at Romhack next week, public release a while later.
September 18, 2025 at 6:52 PM
Reposted by 💥 leonjza
added a cheat sheet to the official Git website

(with a lot of help from other folks who work on the website)

git-scm.com/cheat-sheet
Git Cheat Sheet
September 16, 2025 at 6:28 PM
I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, it's been super useful in reversing its fairly complex protocol. :)
September 10, 2025 at 1:41 PM
Reposted by 💥 leonjza
Did you know your MacBook has a sensor that knows the exact angle of the screen hinge?

It’s not exposed as a public API, but I figured out a way to read it and make it sound like an old wooden door.
September 6, 2025 at 8:44 PM
Using @radareorg.bsky.social to dynamically get the virtual address of a @golang.org embed.FS structure to extract some sus embeds with go-embed-extractor¹ in this "dodgy-go-bin" 🔥

¹ github.com/BreakOnCrash...
August 27, 2025 at 7:58 PM
Reposted by 💥 leonjza
Phrack turns 40.
The digital drop is live.
Download it. Archive it. Pass it on.
💾 www.phrack.org
#phrackat40 #phrack72
August 19, 2025 at 5:08 AM
Hah! Made it to a @badsectorlabs.com LWiS release with my collection of bloatware exploits released @defcon.bsky.social earlier this month!

Check out the POCs for CVE-2025-3462, CVE-2025-3463, CVE-2025-27812, CVE-2025-27813, CVE-2025-5491 and CVE-2025-27811 here: github.com/sensepost/bl...
GitHub - sensepost/bloatware-pwn: LPE / RCE Exploits for various vulnerable "Bloatware" products
August 19, 2025 at 5:06 AM
Always dig the @defcon.bsky.social artwork around the convention center.
August 10, 2025 at 3:19 PM