Our Blog

Our news

All you need to know

Season’s Greetings

Reading time: Less than a minute
To all our customers, staff (past and present), business partners, friends and associates I’d like to wish a joyous and...

Internal spotlight

Reading time: Less than a minute
As the year winds down, it’s time to mention a few internal victories that are fun to share: Daniel Cuthbert...

Playing with Python Pickle #3

Reading time: ~8 min
[This is the third in a series of posts on Pickle. Link to part one and two.] Thanks for stopping...

Playing with Python Pickle #2

Reading time: ~12 min
[This is the second in a series of posts on Pickle. Link to part one.] In the previous post I...

Playing with Python Pickle #1

Reading time: ~6 min
In our recent memcached investigations (a blog post is still in the wings) we came across numerous caches storing serialized...

Black Hat Abu Dhabi – Full … NOT!

Reading time: Less than a minute
The bad news is that our course at Black Hat Abu Dhabi is completely full. The good news is …...

Analysis of a UDP worm

Reading time: ~4 min
Introduction From time to time I like to delve into malware analysis as a pastime and post interesting examples, and...

Sensepost Training in November

Reading time: ~1 min
Our next scheduled training sessions have been planned for November. If you’re interested in attending, the dates and locations are:...

Gitex 2010 Dubai

Reading time: Less than a minute
At the invitation of the South African Department of Trade and Industry SensePost will form part of a South African...

Hacking By Numbers – South Africa – September ’10

Reading time: Less than a minute
From the team that won the world’s first Soccer Hack Cup, we bring you the latest and the greatest  in...

Information Security South Africa (ISSA) 2010

Reading time: ~4 min
Last week we presented an invited talk at the ISSA conference on the topic of online privacy (embedded below, click...

Memcached talk update

Reading time: ~1 min
Wow. At some point our talk hit HackerNews and then SlashDot after swirling around the Twitters for a few days....

BlackHat Write-up: go-derper and mining memcaches

Reading time: ~7 min
[Update: Disclosure and other points discussed in a little more detail here.] Why memcached? At BlackHat USA last year we...

Go-derper: mining your memcacheds

Reading time: Less than a minute
Today at BlackHat USA 2010 we released a tool for manipulating memcached instances; we still need to write it up...

HTTP Methods per Directory

Reading time: ~1 min
A very common finding in our day to day vulnerability management endevours is the HTTP Methods Per Directory. In its...

SensePost Corporate Threat(Risk) Modeler

Reading time: ~5 min
Since joining SensePost I’ve had a chance to get down and dirty with the threat modeling tool. The original principle...

New SensePost Website – check it out

Reading time: ~1 min
Sigh. We’ve never been much good at marketing or advertising, and I guess we still aren’t. But we have tried...

SensePost’s Training @ Black Hat Vegas ’10 (win something)

Reading time: ~1 min
After hearing our talk was accepted at BlackHat, we’re happy to announce that our training will be back for it’s...

I know what your cert did last summer

Reading time: ~1 min
Most of our clients that make use of our vulnerability management service, HackRack, manage a large and usually interactive web...

SensePost at BlackHat USA 2010

Reading time: ~1 min
A brief update from South Africa on some recent talks as well as the upcoming BH USA: our talk proposal...

SensePost J-Baah

Reading time: Less than a minute
I’m pleased to announce the release of J-Baah – the port of CrowBar (our generic HTTP Fuzzing tool) to Java....

ITWeb Security Summit 2010 & Afterparty

Reading time: ~3 min
The ITWeb security summit is coming up next week from the 11th to 13th of May. This is a conference...

Password Strength Checker & Generator

Reading time: ~5 min
In my previous role working as a security manager for a large retailer, I developed some password tools for various...

GlypeAhead: Portscanning through PHP Glype proxies

Reading time: ~2 min
As the need for online anonymity / privacy grew, the proxy industry flourished with many proxy owners generating passive incomes...

BroadView V4 Attributes

Reading time: ~3 min
Following on from Evert’s posting about the new BroadView v4, I’d like to showcase a specific aspect of BV that...

‘Scraping’ our time servers

Reading time: ~5 min
The intertubes have been humming lately around a certain NTP feature to gather lists of NTP servers’ clients and it...

BroadView – coming of age

Reading time: ~2 min
Ever since Ron Gula’s RiskyBusiness talk #142 about their Nessus philosophy, I decided to come out of the closet and...

HBN BootCamp Updated!

Reading time: Less than a minute
Hey Everyone, As promised last week, we have made changes to the content of our HBN BootCamp course. We have...

CANSA Shavathon 2010

Reading time: ~2 min
This past Thursday we received notice that Boogterman & Partners would be a host company for the CANSA Shavathon 2010...

Decrypting Symantec BackupExec passwords

Reading time: ~1 min
BackupExec agent is often among common services found on the internal pen tests. The agent software stores an encrypted “logon...

SensePost trains in Spain.

Reading time: Less than a minute
Hey everyone. We will once again be presenting our BootCamp training course at the BlackHat Europe Conference. It seems this...

So long.. and thanks for everything..

Reading time: ~2 min
Considering how freely i’ve ranted on our blog over the past few years i found it incredibly hard to to...

SensePost Ten Years Old

Reading time: ~13 min
After ten fascinating years, during which many people have contributed in so many ways to the place that is SensePost,...

Removing registration requirements

Reading time: ~1 min
Over the years we’ve offered almost all our tools, papers, presentations and other materials for free, albeit with a “registration...

Is the writing on the wall for general purpose computing ?

Reading time: ~3 min
The Apple iPad announcement set the interwebs alight, and there is no shortage of people blogging or tweeting about how...

80 minutes to Apples Tablet..

Reading time: ~1 min
In 80 minutes Apple will announce the tablet, and the interwebs is almost bursting with excitement and anticipation.. You absolutely...