💥 leonjza
leonjza.bsky.social
[ 'cto @sensepost.com', '@orangecyberdef', 'caffeine fueled', '(╯°□°)╯︵ ┻━┻', 'security guy', 'metalhead', 'i saw your password', 'KOOBo+KXleKAv+KXlSnjgaM=' ]
Romhack was absolute 🔥! The conference, the community, the vibe - all of it was just something else. Special mention to merlos1977@x and the CybersaiyanIT@x team for making the speaking experience excellent too. 🙃
September 28, 2025 at 6:41 AM
Soon™

Private invites at Romhack next week, public release a while later.
September 18, 2025 at 6:52 PM
I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, it's been super useful in reversing its fairly complex protocol. :)
September 10, 2025 at 1:41 PM
Using @radareorg.bsky.social to dynamically get the virtual address of a @golang.org embed.FS structure to extract some sus embeds with go-embed-extractor¹ in this "dodgy-go-bin" 🔥

¹ github.com/BreakOnCrash...
August 27, 2025 at 7:58 PM
Always dig the @defcon.bsky.social artwork around the convention center.
August 10, 2025 at 3:19 PM
Quite stoked to be speaking at @defcon.bsky.social 33 this year, presenting: "7 Vulns in 7 Days: Breaking Bloatware Faster Than It’s Built".

Reversing, exploits, disclosure pain - it has it all, and it's going to be fun! 💥

See ya soon Vegas. ☀️
June 17, 2025 at 1:44 PM
Excited by this proposal to gate access to local network resources in browsers. It would block at least one exploit chain I found this year as an example. github.com/explainers-b...
June 5, 2025 at 12:06 PM
Whipped together a SOCKS5-over-any-transport feature today for the c2 & implant used in @sensepost.com purple teaming / emulation exercises.

Here I have a cURL request, over an ICMP channel, funnelling HTTP requests in and out via our implant :D

Fun! 😄🔥
March 29, 2025 at 3:25 PM
A Pretoria 0xc0ffee meetup is starting again!
January 30, 2025 at 7:41 AM
Parallels has the ability to "limit" resource usage of VMs. Seems to be (annoyingly) dynamic, and sometimes does this without me asking for it.

Anyways, only after I did a search for curl did I get a useful message that actually helped me debug this instead of a useless curl not found error. :P
December 12, 2024 at 7:51 AM
An hour wasted on this error was because the Parallels VM constrained resources enough to prevent the registry from successfully cloning... rip.
December 11, 2024 at 4:12 PM
I risked going outside for this one!
November 24, 2024 at 11:15 AM
Installing a fresh Windows 11 VM. Da heck is "App"?!
November 21, 2024 at 1:46 PM
Hands on practicals for our BSides Cape Town Frida workshop are coming along nicely! :D ./cc @ipmegladon.bsky.social #tease
November 16, 2024 at 3:29 PM
End of the year experiments to better scale and manage some of our SensePost training labs with a custom service proxy that spawns isolated backend service containers, based on an incoming HTTP session, as needed.
November 15, 2024 at 6:02 PM
At github constellation in JHB, and I loved this slide by Thomas Dohmke!
November 14, 2024 at 7:53 AM
Slides for our talk "TTP Emulation in(2024)" that I did with Wrath_ZA@x at 0xcon_jhb@x are now available here!

In this talk we covered a purple teaming approach that leverages custom payload development to maximise red&blue collaboration. Check it out!

github.com/leonjza/publ...
November 10, 2024 at 6:07 AM
Debugging a Swift-based dylib loader and like this aptly named "guts" property.
June 28, 2024 at 8:56 AM
Slides for my BSides Cape Town talk titled "attacking exchange – fusing lightneuron and cobalt strike" which focusses heavily on MITRE ATT&CK, purple teaming and Turla, can be found here:

github.com/leonjza/publ...

(p.s., dalle3 for pixel art generation is amazing 😍)
December 3, 2023 at 4:51 AM
DALL-E 3 pixel art generation is seriously cool.
November 17, 2023 at 12:58 PM
Just stumbled upon this image from 6 years ago when I released objection... 6 years! 🤯
October 31, 2023 at 4:25 PM
I knew about the `yes` utility for long, but it took me reading the netcat README to realise I can have yes output something other than `y`!
October 29, 2023 at 6:32 PM
Maybe I should have been more specific that the person should also be looking at the screens. #DALLE3
October 1, 2023 at 1:50 PM
I don't know about you, but watching a PrefectIO flow/task timeline can be mesmerising.
September 18, 2023 at 4:28 PM
July 3, 2023 at 2:16 PM