Our Blog

Android Application Testing Using Windows 11 and Windows Subsystem for Android

Reading time: ~18 min
Posted by Michael Higgo on 16 November 2021
Categories: Android, Windows, Mobile, Objection, Windows 11, Windows subsystem for android, Wsa, Wsl
With the release of windows 11, Microsoft announced the Windows Subsystem for Android or WSA. This following their previous release,...

sensecon 2021 – wargames edition

Reading time: ~13 min
Posted by Leon Jacobs on 28 September 2021
Categories: Challenge, Ctf, Hackathon, Sensecon 2021, Sensecon
If last year taught us anything, it was that we can move quickly to organise a fully online hacker conference...

Building an offensive RPC interface

Reading time: ~28 min
Posted by aurelien.chalot@orangecyberdefense.com on 03 August 2021
Categories: Internals, Rpc, Windows
Using the Windows Remote Procedure Call (RPC) interface is an interesting concept when conssidering the fact that it allows you...

blackhat_defcon_virtual_vegas_2021.zip

Reading time: ~8 min
Posted by Leon Jacobs on 31 July 2021
Categories: Blackhat, Defcon, Talks, Training, Vegas
Phew! This year’s hacker summer camp is packed with presentations from several hackers across the globe at Orange Cyberdefense. I...

Come do Wi-Fi!

Reading time: ~5 min
Posted by Michael Kruger on 19 July 2021
Categories: Training, Wifi
Wi-Fi is everywhere and having a better understanding of it can fair you well! Over the years we have made...

Exploring The Fundamentals

Reading time: ~9 min
Posted by Jason Spencer on 18 July 2021
Categories: Nmap, Training, Basic, Networking
We are excited to be presenting our Hands-on-Hacking Fundamentals (HHF) course at this year’s BlackHat USA 2021 conference. In our...

Our Enterprise Infrastructure Hacking Course

Reading time: ~4 min
Posted by Dane Goodwin on 18 July 2021
Categories: Infrastructure, Training
Here at Orange Cyberdefense, clients often ask us to test and help secure their infrastructure. We do this a lot....

Adventures into HTTP2 and HTTP3

Reading time: ~21 min
Posted by Jacques Coertze on 27 May 2021
Categories: Http2, Http3, Quic, Webapps
A few months ago I was exploring the write-ups and video solutions for the retired HackTheBox machine – Quick. It’s...

From 500 to Account Takeover

Reading time: ~10 min
Posted by Bram Ruttens on 02 March 2021
Categories: Account takeover, Javascript, Xss, Chain
Introduction What seemed like a regular Cross-site Scripting (XSS) vulnerability on an HTTP 500 “Internal Server Error”-page, I managed to...

on ios binary protections

Reading time: ~11 min
Posted by Leon Jacobs on 02 March 2021
Categories: Ios, Mobile, Objection, Binary
I just got off a call with a client, and realised we need to think about how we report binary...

dwn – a docker pwn tool manager experiment

Reading time: ~10 min
Posted by Leon Jacobs on 08 February 2021
Categories: Docker, Tool, Attack, Pwn
Years ago I learnt docker basics because I just couldn’t get that $ruby_tool to install. The bits of progress I’d...

Android Application Specific Proxies, Easy Mode

Reading time: ~7 min
Posted by Szymon Ziolkowski on 29 January 2021
Categories: Android, Mobile, Objection
In this post I want to share two things. First, a quick primer on how you would you go about...

Duo Two-factor Authentication Bypass

Reading time: ~8 min
Posted by Shaun Kammerling on 28 January 2021
Categories: Bypass, Duo
It’s too easy when hacking, to assume something is invulnerable and not interrogate it. This was the case for me...