💥 leonjza
@leonjza.bsky.social
[ 'cto @sensepost.com', '@orangecyberdef', 'caffeine fueled', '(╯°□°)╯︵ ┻━┻', 'security guy', 'metalhead', 'i saw your password', 'KOOBo+KXleKAv+KXlSnjgaM=' ]
Pinned
Slides for our talk "TTP Emulation in(2024)" that I did with Wrath_ZA@x at 0xcon_jhb@x are now available here!

In this talk we covered a purple teaming approach that leverages custom payload development to maximise red&blue collaboration. Check it out!

github.com/leonjza/publ...
Reposted by 💥 leonjza
[BLOG]
This update solved a big issue I had with merging raw assembly into PIC. I cover the new linkfunc command and the updated addhook command.
rastamouse.me/pic-symphony/
December 1, 2025 at 8:12 PM
Reposted by 💥 leonjza
LibPicoManager is a unified PICO management framework that provides centralized control over PICOs in memory, enabling dynamic code loading, runtime PICO substitution, and advanced evasion techniques like sleep masking through a single RWX code block.

github.com/pard0p/LibPi...
GitHub - pard0p/LibPicoManager: LibPicoManager is a unified PICO management framework that provides centralized control over Position Independent Code Objects in shared memory, enabling dynamic code l...
github.com
December 1, 2025 at 11:24 PM
Reposted by 💥 leonjza
Where I'm going with this: we're in research territory. We may find patterns that just make sense as the way to tackle certain problems/architectural needs. And, in some cases, tightly coupling things may be the right answer.

Always keep the task/problem first, make elegance a lower priority aim.
December 2, 2025 at 3:48 AM
Reposted by 💥 leonjza
🎟️ Early Bird tickets for Insomni'hack 2026 are live!

Join us in Switzerland for talks, CTF and networking with industry leaders.

Don’t miss out! Secure your spot now: https://ow.ly/iKes50XzTj3

#INSO26 #Cybersecurity #EthicalHacking #Event
December 1, 2025 at 10:25 AM
Reposted by 💥 leonjza
The new version of RTO II is finally available to purchase.
www.zeropointsecurity.co.uk/course/red-t...
Red Team Ops II
Gain the knowledge and skills necessary to operate against advanced defences.
www.zeropointsecurity.co.uk
November 28, 2025 at 2:30 PM
Reposted by 💥 leonjza
We've been waiting 5 years for this: objection has been updated to 1.12.x with Frida17+ support. Thank you so much @leonjza.bsky.social and everyone who contributed!

github.com/sensepost/ob...

Thanks to @ipmegladon.bsky.social for updating the MASTG accordingly (OWASP/mastg/pull/3378)
Release 1.12.0 · sensepost/objection
The, wow, finally, a release release! 😂 Honestly, there has been so much that has changed, and it's hard to thank and attribute to everyone that has contributed. To that end, thank you for your con...
github.com
November 21, 2025 at 12:30 PM
It's... been a while since the last objection release got tagged. We finally landed a 1.12 release today which also means pypi is up to date again, and for the foreseeable future! Work never really stopped, and plenty of bug fixes are included. More in 🧵

github.com/sensepost/ob...
November 21, 2025 at 3:50 PM
Reposted by 💥 leonjza
Made this last night, it’s useful for finding a large number of domains hosting phishing kits or malware based on a consistent pattern github.com/singe/domain-p… Might be useful for some of you.
GitHub - singe/domain-probe: A utility to find identically configured domains and web-servers based on a pattern. Used to find phishing kits.
github.com
November 20, 2025 at 6:22 AM
Reposted by 💥 leonjza
Need to open doors from the outside without touching anything? Turns out that's possible with no touch sensors as @shifttymike.bsky.social details in his latest blog post.

sensepost.com/blog/2025/no...
November 19, 2025 at 1:29 PM
Landed a new gowitness release, this time focussing on performance! 🎉 v3.1.0

github.com/sensepost/go...
Release 3.1.0 · sensepost/gowitness
A new release, this time focussing on performance and various bug fixes! Thanks to all of the contributors! Enjoy! 🎉 New Refactor the chromedp driver, focussing on performance. The new implementat...
github.com
November 17, 2025 at 7:31 PM
Reposted by 💥 leonjza
Tradecraft Engineering with Aspect-Oriented Programming

@rastamouse.me pretty much predicted what was coming in his last blog post. attach (Win32 APIs), redirect (local funcs), capability right-sized IAT hooks, and PICO function exports.

Yes, attach can incept its PIC.

aff-wg.org/2025/11/10/t...
Tradecraft Engineering with Aspect-Oriented Programming
It’s 2025 and apparently, I’m still a Java programmer. One of the things I never liked about Java’s culture, going back many years ago, was the tendency to hype frameworks that seemed to over-engin…
aff-wg.org
November 10, 2025 at 6:21 PM
Reposted by 💥 leonjza
I've also updated Crystal Loaders to benefit from some of the new CP features github.com/rasta-mouse/...
GitHub - rasta-mouse/Crystal-Loaders: A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
github.com
October 29, 2025 at 5:39 PM
Reposted by 💥 leonjza
ATT&CK v18 is now out! Today marks the release of Detection Strategies, where we've moved from single-sentence notes to structured, behavior-focused strategies across the board. A new blog post describes the changes medium.com/mitre-attack... with details at attack.mitre.org/resources/up....
ATT&CK v18: Detection Strategies, More Adversary Insights,
ATT&CK v18 is released with new Detection Strategies, Analytics, and revamped Data Components!
medium.com
October 28, 2025 at 2:56 PM
Reposted by 💥 leonjza
Just added SOCKS support to this reverse tunnelling tool github.com/singe/contun...
October 28, 2025 at 2:58 PM
Reposted by 💥 leonjza
github.com/singe/contun.p… this was a fun nerd snipe - how do you build a listen:listen connect:connect reverse tunnel that can handle concurrent connections when you only have Perl.
GitHub - singe/contun.pl: A concurrent listen:listen connect:connect tunnelling solution written in Perl
github.com
October 27, 2025 at 7:00 PM
Reposted by 💥 leonjza
🚀 Insomni’hack 2026 is coming!

🗓️ March 16-20 @ SwissTech, Lausanne

Mon-Wed: Workshops | Thu-Fri: Talks | Fri-Sat: CTF

👉 More details soon: https://ow.ly/S3uv50XgSuS

🔔 Save the dates & stay tuned!

#INSO26 #cybersecurity #CTF #event #Lausanne
October 23, 2025 at 1:30 PM
Reposted by 💥 leonjza
Working on a new PICO! This one is an in-memory CLR hoster that uses the same technique as execute-assembly/donut to invoke a .NET assembly without touching the disk.
October 16, 2025 at 8:54 AM
Reposted by 💥 leonjza
📢Insomni'hack Call for Paper is now open!

The CFP 2026 is now accepting submissions.

Want to speak, lead a workshop, or present a case study? We want to hear from you!

🔗 Submit: https://ow.ly/nNov50Xbylu

#InsomniHack #CFP #Cybersecurity #Infosec #TechTalks
October 15, 2025 at 9:07 AM
Reposted by 💥 leonjza
pagedout.institute ← we've just released Paged Out! zine Issue #7
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!

Please please please share to spread the news - thank you!
October 4, 2025 at 10:39 AM
Romhack was absolute 🔥! The conference, the community, the vibe - all of it was just something else. Special mention to merlos1977@x and the CybersaiyanIT@x team for making the speaking experience excellent too. 🙃
September 28, 2025 at 6:41 AM
🇮🇹👋
September 20, 2025 at 12:34 PM
Soon™

Private invites at Romhack next week, public release a while later.
September 18, 2025 at 6:52 PM
Reposted by 💥 leonjza
added a cheat sheet to the official Git website

(with a lot of help from other folks who work on the website)

git-scm.com/cheat-sheet
Git Cheat Sheet
git-scm.com
September 16, 2025 at 6:28 PM
I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, it's been super useful in reversing its fairly complex protocol. :)
September 10, 2025 at 1:41 PM