Our Blog

Another time sink-hole..

Reading time: Less than a minute
A while back some of us discovered and subsequently lost days to “The Python Challenge”. Well.. prepare to write off...

Amazon SimpleDB – Outsource your database??

Reading time: ~2 min
Amazon announced the beta of Amazon SimpleDB without that much fanfare, but it is an interesting trend to watch.. Essentially...

The coolest thing this weekend…

Reading time: ~2 min
Ok.. so being the cautious geek i am, i had bought a mac mini a while back before jumping into...

Rob Auger from OWASP/WASC/CGiSecurity on Timing..

Reading time: ~1 min
Rob had a rant on his site on the timing attack, with a CSRF twist.. We met him after our...

Casper and hidden IE windows..

Reading time: Less than a minute
OK.. so it was a long time ago, and old code is supposed to embarrass you.. but i pulled casper.exe...

Dino Dai Zovi is such a Rock Star..

Reading time: ~1 min
Dino is the guy who added much shellcode coolness to MetaSploit, gave the world Karma, released the first virtualization rootkit...

The fine line between failure and success

Reading time: ~5 min
So…because I don’t have a report to write this weekend I’ve had some time to ponder and reflect on stuff...

Google as an MD5 Cracker..

Reading time: ~2 min
Slashdot picked up on the blog post from Light Blue TouchPaper commenting on the fact that a researcher was surprised...

Follow-up (OS X BSOD Win32 Icons)

Reading time: Less than a minute
Of course, Leopard’s new improved ™ finder includes an Itunes’esque “Cover Flow” view (which includes quick view thumbnailing quite impressively).....

Rational vs Emotional Commitment

Reading time: ~1 min
I’ve spoken before on how I like some of Simon T Bailey’s stuff and his general leetnesses…he has some gems…...

i know this has been blogged all over the interwebs..

Reading time: Less than a minute
but Leopards default icon for windows machines has to rank up there with dvwssr.dll (yeah.. thats a BSOD) /mh ok.....

Mind Control, Big Cats, Feynman && kiosks…

Reading time: ~4 min
Aka… A good weekend.. The weekend got off to a slow start, when Amazon claimed it would take a little...

PauldotCom Interview, Part I

Reading time: Less than a minute
OK.. so part one of our pauldotcom interview has hit the interwebs.. it was fun and involved a power failure...

22:30 to 23:30: the quiet hour

Reading time: ~2 min
while waiting around for the PSW guys last night, it seemed like a good time to test our mettle on...

9 days to leopard…

Reading time: ~1 min
You can almost taste the fanboy excitement.. but im guessing there will also be the mandatory rush for the first...

MSDN Mag – Security Edition is out..

Reading time: Less than a minute
The November edition of MSDN magazine [is available] and is another security issue.. The articles look interesting, and if you...

Wikto Updates

Reading time: Less than a minute
A new version of Wikto is also available, which provides a more reliable web spider and also includes some minor...

Suru Version 2.0

Reading time: Less than a minute
We are pleased to announce the release of Suru version 2.0, our MITM proxy. Suru has now been rewritten to...

Piotr Bania Agrees.. Metal Gear Rocks.. (warning.. this post has 0 to do with infosec)

Reading time: ~2 min
Way back in 2000 i bought my kid sister a Sony PlayStation.. I have never been a big gamer (not...

The proof of the pudding ?

Reading time: ~1 min
Royal pingdom did a quick check on what was running at some of the more popular sites on the Internet...

The myth of the expert

Reading time: ~3 min
Something we preach very strongly in our training is the importance of an understanding of the underlying technology / application...

Feedback on our courses in Switzerland

Reading time: ~3 min
We just finished presenting an HBN Bootcamp and an HBN Combat Edition in Lausanne, Switzerland. A lot of people don’t...

reddit: exploit publisher?

Reading time: Less than a minute
saw this in my RSS reader, the null poison byte makes a comeback! Until it gets fixed, you can view...

Is that a robots.txt in your pocket or are you just happy to see me?

Reading time: Less than a minute
This will probably get cleaned up soon, but thats a huuuuuuuge robots.txt [http://www.whitehouse.gov/robots.txt]

I have always tried to keep this blog politics-free

Reading time: Less than a minute
but the last Scott Adams posting on the Iranian presidents US visit has to be the best piece i have...

BotNets not just for SPAM any more

Reading time: Less than a minute
The Symantec Security blog has an article titled “Botnets: not just for spamming anymore”. Interestingly we are now starting to...

Introducing Hex-Rays…

Reading time: ~1 min
These days its almost impossible to read a book on security or vuln-dev without a gratuitous IDA-Pro screenshot. IDA has...

FaceBook

Reading time: Less than a minute
’twas only a matter of time before various FaceBook developers started cashing in on the amount of personal info they...

Alas.. i could have made squillions (aka – Amazon MTURK)

Reading time: ~1 min
In early 2002 i suggested that we could solve some computer problems and south africas street-kid problem by setting up...

Defcon talks – Videos available online..

Reading time: Less than a minute
A recent maillist thread shows that the DC15 videos are now available online [here] Our video (although my voice sounded...

Heheh.. Elite! snakes on a #$#%@# plane!

Reading time: Less than a minute
Courtesy of afx:

Awesome data visualization stuff…

Reading time: Less than a minute
Steven Murdoch over at lightbluetouchpaper did an investigation into the Privila internship program.. What was also cool however was that...

Another attempt at you-tube science, aka how to save 36c when changing the batteries on your remote!

Reading time: ~1 min
ok.. so a long time ago we tried the you-tube mentos stuff and happily wasted time (and coke) in the...

Medical Doctors.. bah! humbug..

Reading time: ~3 min
I’ve ranted a few times about things i hate about the way we “do medicine”. (Doctors are not alone here.....

How Gentoo got hacked.. holy #@^%&!!

Reading time: Less than a minute
If a picture is worth a 1000 words, then i dont want to know what this reads…

SensePost, now a company of SecureData…

Reading time: ~1 min
For those of you who haven’t yet seen, the J.S.E listed SecureData bought 100% of the shares in SensePost late last...

Thunks from hacking games

Reading time: ~8 min
In Vegas I bought Herman “Exploiting Online Games” by Greg Hoglund and Gary McGraw. Being the saint that I am,...

It begs the question…

Reading time: Less than a minute
I cant recall who said it in yesterdays meeting, but my response is simple: http://begthequestion.info/

MTBF and Light Bulbs..

Reading time: ~1 min
Some of you will know that i finally moved out of the shoe box i lived in for 6 years...

BMC Video on DTrace..

Reading time: ~1 min
BMC did his 90 minute engedu talk on DTrace at google to show some of its coolness (and from the...

Ok.. Now this is pretty cool…

Reading time: Less than a minute
For all those guys who usually scoff at CSI / Police Movies where the detective shouts “enhance image” or remove...

2 Un-related thoughts.. on Echelon and the recent Skype Outage..

Reading time: ~2 min
I suspect somewhere there exist cardinal rules of blogging which would state that using a single post to make 2...

Core Release Pass the Hash Toolkit..

Reading time: Less than a minute
Hernan Ochoa from Core has released the Pass the Hash Toolkit which is very cool.. It basically means that you...

We’re hiring

Reading time: ~2 min
SensePost is an exciting & dynamic young company with strong values & a world vision. We specialize in high-end technical...

On hamsters, Escaping, Escaping of Hamsters and the Lack of escaping in Hamster…

Reading time: ~5 min
OK.. So as i mentioned before, I saw Robert Graham from Erratasec demo hamster live on stage and wondered if...

mh.blackhatFeedback(Side-jacking, Hamster)

Reading time: ~2 min
Ok.. so its a lot later than i promised, but i did mention that i would post some feedback on...

On hacking and politics

Reading time: ~2 min
I meant to blog this whilst I was still in Vegas, but only got around to it now. Its arb,...

F(inally)ull Release of BlackHat-Defcon Timing Stuff..

Reading time: ~2 min
The slides | tool | paper from BlackHat07/DefCon07 have been posted online for your wget’ing pleasure. More details on squeeza...

Another blow for privacy? A small price for your 15 minutes of fame..

Reading time: Less than a minute
Spock have just opened up beyond their private beta and promise to be the most comprehensive people search tool on...

BlackHat Roundup – Ajax and h.323 and iax

Reading time: ~4 min
The bulk of security research pertaining to VoIP call control, setup and signaling protocols has focused on the Session Initiation...

Squeeza: The SQL Injection Future?

Reading time: Less than a minute
During our talk we demo’d squeeza.. We will link to the slides and .ppt as soon as we can, but...

Late BlackHat Update..

Reading time: ~1 min
ok.. so im in my room finally catching up on sleep (or will be in a few minutes) while most...

BlackHat Progress Report

Reading time: ~1 min
(always wanted to say that!) 2 SensePost Training sessions are over, and as i type The weekday sessions are at...

BlackHat, DefCon, Las Vegas

Reading time: Less than a minute
Ok.. so the 2nd plane with SensePost’ers has touched down in LasVegas and the first cheeze-pizza from the caesars food...

QoW 1 answered; QoW 2 released

Reading time: ~1 min
A little while back we published our first public QoW for your abuse and enjoyment, and the time to close...

-sigh- little things, little minds…

Reading time: Less than a minute
Deels stumbled on www.simpsonizeme.com to give me mh, the springfield edition.. Combine with your intranet mug-shots, and it could give...

Google Cookies.. Finally a saner expiry date…

Reading time: Less than a minute
Google have finally revised their cookie expiration policy, which will have user cookies expiring after 2 years. (For those of...

Adam Shostack on Biometrics..

Reading time: Less than a minute
hmmm… i have heard this somewhere before…. ” However, in cases where your finger is used to identify or authenticate...

VMWare Fusion, i love you not, i love you…

Reading time: ~2 min
ok.. some of you in the office would have heard me whine when vmware fusion recently started taking my whole...

Have a (one) care sir….

Reading time: ~2 min
Someone in the office was discussing Microsoft’s recent horrible foray into the anti-virus market. Apparently an online source held one-care...

Probably the best book dedication i have ever seen….

Reading time: Less than a minute
Richard Bejtlich didnt give the pre-release a glowing review but i know at least a few people waiting eagerly to...

In Defense of Testing Pens… (aka how to keep your soul while being a pen-tester)

Reading time: ~7 min
A short while back, a discussion broke out on a mailing list about the nature of being a pen-tester. The...

SensePost Training at Black Hat Las Vegas

Reading time: ~1 min
The Black Hat Briefings is arguably the most significant technical security conference in the world. It takes place every year in...

On vulnerability, root cause, white-listing and compliance

Reading time: ~4 min
Many years ago, when we first released ‘Setiri’ one of the controls that we preached was website white-listing. As talk-back...

and then there was one….

Reading time: ~1 min
First IBM announced their interest in Watchfire, and now HP announces their interest in SPI Dynamics. “Consolidation in the industry”...

Shuttleworth comments on Microsoft/Ubuntu deal rumours

Reading time: ~1 min
Mark Shuttleworth on his blog makes it clear -snip- “We have declined to discuss any agreement with Microsoft under the...

Viva Las Vegas!

Reading time: Less than a minute
BlackHat Vegas is almost on us again, and this will be the 6th year running that we present there.. This...

CSI Corporate Threat Modeling Talk

Reading time: ~1 min
Whew. After much last-minute war with PPT C# and ORM our slides and Beta 1.0 of our tool are available...

Safari on Win32, and browser choices in general..

Reading time: ~2 min
Gareth linked to David Maynor’s blog where he documents the results of some simple fuzzing against the new Win32 port...

More Pentagon data leakage through Office files..

Reading time: Less than a minute
R J Hillhouse (who has a fascinating background) found that when she double clicked a graph on a slide deck...

Threat Modelling Talk at CSI Phoenix

Reading time: ~1 min
After a six hour delay due to technical problems *before* my journey even started I’m finally on the plane and...

VMware for OSX (Fusion) – Beta 4

Reading time: ~1 min
VMware have just released beta4 of its Fusion product for OSX. The initial beta was hard to justify and a...

Right escalation via services or scheduled tasks in Windows

Reading time: ~1 min
Scheduled tasks and services are often run as accounts with excessive privileges (HP Insight, backups etc) instead of limited service...

Hotel Hacking

Reading time: Less than a minute
Check out http://hongkong.langhamplacehotels.com/accom/technology.htm in Hong Kong. They provide Cisco IP phones in the rooms, but with a difference. According to...

Re: Jeremiah Grossmans “How to find your websites”

Reading time: ~3 min
Jeremiah from WhiteHatSec has just written a quick piece on how to find your websites. Now Footprinting is obviously dear...

Second Life land grab case moves into U.S federal courts..

Reading time: ~1 min
Ars Technica is reporting on the law suit filed in 2006 by Martin Bragg who accused Linden labs of wrongfully...

Web Mashups point and click style (open invite for Sammy v2.0) ?

Reading time: ~1 min
[Yahoo pipes] looks like an awesome way for even non-programmers to create web mashups trivially. Aside from the fact that...

Windows filesharing on OSX still vulnerable…

Reading time: Less than a minute
Aaron Adams over at SYMANTEC, did a quick check on the version of Samba running on currently up to date...

Adventures while moving… (Part II)

Reading time: ~1 min
Ok.. so we have an outside gate type thing that leads to our garden. Since we would probably get to...

Do you group your passwords?

Reading time: ~1 min
This has probably been pondered, but something occurred to me whilst entering my new home.. The guard house grants access...