felmoltor - Network

https://github.com/sensepost/mail-in-the-middle

https://github.com/sensepost/mail-in-the-middle

Building on top of work that an ex-plakker did (Willem Mouton) I automated the technique, and enjoyed the process a lot: here's...

Building on top of work that an ex-plakker did (Willem Mouton) I automated the technique, and enjoyed the process a lot: here's Mail-in-the-middle, helping you to automate spear phishing campaigns at a scale https://sensepost.com/blog/2024/mail-in-the-middle-a-tool-to-automate-spear-phishing-campaigns/

📤👨‍💻📥

I had a punk deja-vu today

I had a punk deja-vu today

Created a quick and dirty PS script to find writable folders in systems where AppLocker is enforced and you cannot execute...

Created a quick and dirty PS script to find writable folders in systems where AppLocker is enforced and you cannot execute "accesschk.exe" 🚫

https://gist.github.com/felmoltor/a6e57000fc7bee8d3b0350abee105e33

Heh, I have now my research about new ways to abuse third-party trusts in Content-Security Policies in Hacktrics...

Heh, I have now my research about new ways to abuse third-party trusts in Content-Security Policies in Hacktrics https://book.hacktricks.xyz/pentesting-web/content-security-policy-csp-bypass#third-party-abuses 🥳

I finally published my Dress Code talk contents here 🥳 : https://sensepost.com/blog/2023/dress-code-the-talk/Check it out to find six new...

I finally published my Dress Code talk contents here 🥳 : https://sensepost.com/blog/2023/dress-code-the-talk/

Check it out to find six new ways (and two that are not very well-known out there) to bypass CSP by abusing excessive trust in third-parties domains. 🚀