Felipe Molina
@felmoltor.me
Mastodon felmoltor@defcon.social. Now with more #OSCP than the previous version. Working @SensePost.com - Orange Cyberdefense

https://blog.felipemolina.com/
Reposted by Felipe Molina
A source shares some screenshots of the Lapsus ransomware gang celebrating the government shutdown as a disruption to the FBI investigations tracking them.

They also refer to Trump as "my king."
October 1, 2025 at 3:07 PM
Maybe it's my fault, but I'm really missing non-US related content in Bluesky. Can we talk about other countries, please?
I don't want to go back to X 😢 🙏🏼
September 11, 2025 at 9:22 AM
Reposted by Felipe Molina
If you're at RomHack at the end of the month, come tell me your @github.com username and I'll give you early access to the @sensepost.com tool repo for PipeTap at the con! 🙃

Below is a demo of the proxy in action.

www.youtube.com/watch?v=or8Y...
PipeTap WIP Demo
YouTube video by Leon Jacobs
www.youtube.com
September 10, 2025 at 1:41 PM
Reposted by Felipe Molina
I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, it's been super useful in reversing its fairly complex protocol. :)
September 10, 2025 at 1:41 PM
Reposted by Felipe Molina
One of the pools in the Alhambra Palace complex in Granada.... had to be this one for #PalacesandGardens #Water #photography #dailyphoto #travel #Spain
September 4, 2025 at 8:23 PM
Reposted by Felipe Molina
Reverse engineering Microsoft’s SQLCMD.exe to implement Channel Binding support for MSSQL into Impacket’s mssqlclient.py. Storytime from Aurelien (@Defte_ on the bird site), including instructions for reproducing the test environment yourself.

sensepost.com/blog/2025/a-...
July 31, 2025 at 4:19 PM
Reposted by Felipe Molina
From June 2025 through July 2025, the Cloudflare Email Security team has been tracking a cluster of cybercriminal threat activity leveraging Proofpoint and Intermedia link wrapping to mask phishing payloads. Read more: cfl.re/4lUXBEE
Attackers abusing Proofpoint & Intermedia link wrapping to deliver phishing payloads
Attackers are exploiting Proofpoint and Intermedia link wrapping to mask phishing payloads.
cfl.re
July 30, 2025 at 1:54 PM
Reposted by Felipe Molina
I've created a pull request to detect CitrixBleed 2 into Burp's Bcheck repository: github.com/PortSwigger/...
CVE-2025-5777 - CitrixBleed 2 by felmoltor · Pull Request #253 · PortSwigger/BChecks
BCheck Contributions BCheck compiles and executes as expected BCheck contains appropriate metadata (name, version, author, description and appropriate tags) Only .bcheck files have been added o...
github.com
July 17, 2025 at 6:37 AM
I wrote a tool to detect orphan scripts at scale using Scrapy as its foundation: JsJack.

Finding vulnerabilities in high-volume traffic sites was more challenging than I initially expected, but I learned many other things from this experience: blog.felipemolina.com/posts/jsjack/
JsJack
A tool to find orphan scripts and two interesting cases
blog.felipemolina.com
July 14, 2025 at 11:15 AM
Reposted by Felipe Molina
Oh neato, a 13 year-old vuln in

(checks notes)

all US trains that allowed anyone to control the brakes?

Cool cool cool.
Security vulnerability on U.S. trains that let anyone activate the brakes on the rear car was known for 13 years — operators refused to fix the issue until now
Wireless hardware to seriously disrupt rail transport costs less than $500.
www.tomshardware.com
July 14, 2025 at 4:10 AM
Reposted by Felipe Molina
Well, a single week was enough to provide a convincing case that a Wikipedia equivalent for LLMs is necessary i.e. decentralized LLM training and serving
July 10, 2025 at 10:28 PM
Reposted by Felipe Molina
And then we have a few education gurus proposing that students "ask their questions" to ChatGPT...
Well, a single week was enough to provide a convincing case that a Wikipedia equivalent for LLMs is necessary i.e. decentralized LLM training and serving
July 11, 2025 at 6:26 AM
Reposted by Felipe Molina
These arrests are the definition of "don't shit where you eat"
UK police arrest four people, a 20-year-old woman and three men age 17 to 19, in relation to the M&S and Co-op hacks, which started in April and caused havoc (Joe Tidy/BBC)

July 10, 2025 at 12:14 PM
Reposted by Felipe Molina
The finding was for "JWT weak HMAC secret" and it said the secret was literal "secret"

A range of emotions pushed me in various directions at once. What? no.!? yes!!!!!!! let's verify...
May 10, 2025 at 7:27 PM
All hail the stupid king! Me! 🤴
In 2024 I forgot that I was running a Mongo Express in a docker container without authentication (AS IT WAS ONLY INTERNALLY EXPOSED). Later, I randomly did some tests with Nginx to expose port 8081 and forgot about it... Fast forward to June 2025:
June 18, 2025 at 9:49 AM
If this is true, this is the best news I've read this week! Excited to activate my nostalgia mode with Spaceballs 2! www.ign.com/articles/spa...
Spaceballs 2 Will See Rick Moranis Return as Dark Helmet as Mel Brooks Sequel Trailer Plots a Course for 2027 - IGN
Moviemaking icon Mel Brooks and Amazon MGM Studios have published a special trailer to announce that Spaceballs 2 is moving full steam ahead with plans to premiere in 2027.
www.ign.com
June 13, 2025 at 9:35 AM
I programmed some time ago a crawler with Scrapy to detect orphan JavaScript scripts in target domains. I think I'll release that tool soon ☺️
June 13, 2025 at 8:57 AM
Reposted by Felipe Molina
🆕 New blog post!

"Checking for Symantec Account Connectivity Credentials (ACCs) with PrivescCheck"

This blog post is not so much about PrivescCheck, but rather brings additional insight to the original article published by MDSec on the subject.

👉 itm4n.github.io/checking-sym...

#redteam
June 11, 2025 at 3:46 PM
I was talking with someone about dependency confusion and supply chain attacks and I was confused myself with the feasibility of doing this in 2025, so I decided to take a practical approach and create my own tool 🔨 to detect Orphan and Misspelled packages 📦: sensepost.com/blog/2025/de...
SensePost | Depscanner: find orphaned packages before the bad guys do
Leaders in Information Security
sensepost.com
June 11, 2025 at 10:04 AM
Reposted by Felipe Molina
sombrero galaxy - hubble vs webb:
June 3, 2025 at 4:40 PM
Reposted by Felipe Molina
i still think about the jwst saturn picture a lot
June 5, 2025 at 6:44 PM
Reposted by Felipe Molina
Wifi hacking can be a useful tool, but people are out here grinding on WPA2 handshake cracking tutorials & menu driven attack tooling. When we built the 3rd and latest iteration of the wifi hacking course for BlackHat - we did it to show what really works and how it really works. 1/7
June 4, 2025 at 12:01 PM
I finished watching the last chapter of The Leftovers yesterday. Oh, man! Not many series got me so hooked up to the TV and sitting at the edge of my seat as this one has. ❤️
June 4, 2025 at 1:23 PM