Our Blog
Season’s Greetings
Reading time:
Less than a minute
Posted
by Charl van der Walt
on
18 December 2010
To all our customers, staff (past and present), business partners, friends and associates I’d like to wish a joyous and...
Internal spotlight
Reading time:
Less than a minute
Posted
by marco
on
06 December 2010
As the year winds down, it’s time to mention a few internal victories that are fun to share: Daniel Cuthbert...
Playing with Python Pickle #3
Reading time:
~8 min
Posted
by marco
on
15 November 2010
[This is the third in a series of posts on Pickle. Link to part one and two.] Thanks for stopping...
Playing with Python Pickle #2
Reading time:
~12 min
Posted
by marco
on
09 November 2010
[This is the second in a series of posts on Pickle. Link to part one.] In the previous post I...
Playing with Python Pickle #1
Reading time:
~6 min
Posted
by marco
on
09 November 2010
In our recent memcached investigations (a blog post is still in the wings) we came across numerous caches storing serialized...
Black Hat Abu Dhabi – Full … NOT!
Reading time:
Less than a minute
Posted
by Charl van der Walt
on
31 October 2010
The bad news is that our course at Black Hat Abu Dhabi is completely full. The good news is …...
Analysis of a UDP worm
Reading time:
~4 min
Posted
by behrang
on
25 October 2010
Introduction From time to time I like to delve into malware analysis as a pastime and post interesting examples, and...
Sensepost Training in November
Reading time:
~1 min
Posted
by Shane Kemp
on
14 October 2010
Our next scheduled training sessions have been planned for November. If you’re interested in attending, the dates and locations are:...
Gitex 2010 Dubai
Reading time:
Less than a minute
Posted
by Shane Kemp
on
13 October 2010
At the invitation of the South African Department of Trade and Industry SensePost will form part of a South African...
Hacking By Numbers – South Africa – September ’10
Reading time:
Less than a minute
Posted
by Charl van der Walt
on
26 August 2010
From the team that won the world’s first Soccer Hack Cup, we bring you the latest and the greatest in...
Information Security South Africa (ISSA) 2010
Reading time:
~4 min
Posted
by Dominic White
on
10 August 2010
Last week we presented an invited talk at the ISSA conference on the topic of online privacy (embedded below, click...
Memcached talk update
Reading time:
~1 min
Posted
by marco
on
07 August 2010
Wow. At some point our talk hit HackerNews and then SlashDot after swirling around the Twitters for a few days....
BlackHat Write-up: go-derper and mining memcaches
Reading time:
~7 min
Posted
by marco
on
04 August 2010
[Update: Disclosure and other points discussed in a little more detail here.] Why memcached? At BlackHat USA last year we...
Go-derper: mining your memcacheds
Reading time:
Less than a minute
Posted
by marco
on
30 July 2010
Today at BlackHat USA 2010 we released a tool for manipulating memcached instances; we still need to write it up...
HTTP Methods per Directory
Reading time:
~1 min
Posted
by evert
on
28 June 2010
A very common finding in our day to day vulnerability management endevours is the HTTP Methods Per Directory. In its...
SensePost Corporate Threat(Risk) Modeler
Reading time:
~5 min
Posted
by Dominic White
on
07 June 2010
Since joining SensePost I’ve had a chance to get down and dirty with the threat modeling tool. The original principle...
New SensePost Website – check it out
Reading time:
~1 min
Posted
by Charl van der Walt
on
07 June 2010
Sigh. We’ve never been much good at marketing or advertising, and I guess we still aren’t. But we have tried...
SensePost’s Training @ Black Hat Vegas ’10 (win something)
Reading time:
~1 min
Posted
by Dominic White
on
07 June 2010
After hearing our talk was accepted at BlackHat, we’re happy to announce that our training will be back for it’s...
I know what your cert did last summer
Reading time:
~1 min
Posted
by evert
on
03 June 2010
Most of our clients that make use of our vulnerability management service, HackRack, manage a large and usually interactive web...
SensePost at BlackHat USA 2010
Reading time:
~1 min
Posted
by marco
on
31 May 2010
A brief update from South Africa on some recent talks as well as the upcoming BH USA: our talk proposal...
SensePost J-Baah
Reading time:
Less than a minute
Posted
by Ian de Villiers
on
18 May 2010
I’m pleased to announce the release of J-Baah – the port of CrowBar (our generic HTTP Fuzzing tool) to Java....
ITWeb Security Summit 2010 & Afterparty
Reading time:
~3 min
Posted
by Dominic White
on
04 May 2010
The ITWeb security summit is coming up next week from the 11th to 13th of May. This is a conference...
Password Strength Checker & Generator
Reading time:
~5 min
Posted
by Dominic White
on
30 April 2010
In my previous role working as a security manager for a large retailer, I developed some password tools for various...
GlypeAhead: Portscanning through PHP Glype proxies
Reading time:
~2 min
Posted
by junaid
on
13 April 2010
As the need for online anonymity / privacy grew, the proxy industry flourished with many proxy owners generating passive incomes...
BroadView V4 Attributes
Reading time:
~3 min
Posted
by jeremy
on
01 April 2010
Following on from Evert’s posting about the new BroadView v4, I’d like to showcase a specific aspect of BV that...
‘Scraping’ our time servers
Reading time:
~5 min
Posted
by gert
on
31 March 2010
The intertubes have been humming lately around a certain NTP feature to gather lists of NTP servers’ clients and it...
BroadView – coming of age
Reading time:
~2 min
Posted
by evert
on
30 March 2010
Ever since Ron Gula’s RiskyBusiness talk #142 about their Nessus philosophy, I decided to come out of the closet and...
HBN BootCamp Updated!
Reading time:
Less than a minute
Posted
by bradleyj
on
17 March 2010
Hey Everyone, As promised last week, we have made changes to the content of our HBN BootCamp course. We have...
CANSA Shavathon 2010
Reading time:
~3 min
Posted
by jacqui.maree@orangecyberdefense.com
on
10 March 2010
This past Thursday we received notice that Boogterman & Partners would be a host company for the CANSA Shavathon 2010...
Decrypting Symantec BackupExec passwords
Reading time:
~1 min
Posted
by behrang
on
05 March 2010
BackupExec agent is often among common services found on the internal pen tests. The agent software stores an encrypted “logon...
SensePost trains in Spain.
Reading time:
Less than a minute
Posted
by bradleyj
on
04 March 2010
Hey everyone. We will once again be presenting our BootCamp training course at the BlackHat Europe Conference. It seems this...
So long.. and thanks for everything..
Reading time:
~2 min
Posted
by Haroon Meer
on
02 March 2010
Considering how freely i’ve ranted on our blog over the past few years i found it incredibly hard to to...
SensePost Ten Years Old
Reading time:
~13 min
Posted
by Charl van der Walt
on
15 February 2010
After ten fascinating years, during which many people have contributed in so many ways to the place that is SensePost,...
Removing registration requirements
Reading time:
~1 min
Posted
by marco
on
08 February 2010
Over the years we’ve offered almost all our tools, papers, presentations and other materials for free, albeit with a “registration...
Is the writing on the wall for general purpose computing ?
Reading time:
~3 min
Posted
by Haroon Meer
on
29 January 2010
The Apple iPad announcement set the interwebs alight, and there is no shortage of people blogging or tweeting about how...
80 minutes to Apples Tablet..
Reading time:
~1 min
Posted
by Haroon Meer
on
27 January 2010
In 80 minutes Apple will announce the tablet, and the interwebs is almost bursting with excitement and anticipation.. You absolutely...