Our Blog
Dangers of Custom ASP.NET HttpHandlers
Reading time:
~2 min
Posted
by behrang
on
13 December 2012
ASP.NET HttpHandlers are interesting components of a .NET web application when performing security assessments, mainly due to the fact they...
Snoopy Release
Reading time:
~4 min
Posted
by glenn
on
06 December 2012
We blogged a little while back about the Snoopy demonstration given at 44Con London. A similar talk was given at...
SensePost Hackathon 2012
Reading time:
~5 min
Posted
by daniel
on
03 December 2012
Last month saw the inaugural SensePost hackathon happen in our new offices in Brooklyn, South Africa. It was the first...
Skype Passive IP Disclosure Vulnerability
Reading time:
~2 min
Posted
by vlad
on
26 November 2012
When performing spear phishing attacks, the more information you have at your disposal, the better. One tactic we thought useful...
T-Shirt Shell Competition
Reading time:
~3 min
Posted
by Dominic White
on
23 November 2012
For our internal hackathon, we wanted to produce some shirts. We ran a competition to see who could produce a...
HTTPS via WinAPI
Reading time:
~1 min
Posted
by vlad
on
19 November 2012
Hijacking SSL sessions initiated by the browser is a trivial task. The challenge comes when trying to intercept SSL traffic...
CSIR Cyber Games
Reading time:
~4 min
Posted
by etienne
on
09 November 2012
The Council for Scientific and Industrial Research (CSIR) recently hosted the nation Cyber Games Challenge as part of Cyber Security Awareness month....
Charity Drive – Antarctica Expedition
Reading time:
~3 min
Posted
by Charl van der Walt
on
06 November 2012
\ Like many businesses we at SensePost are aware of how fortunate we are and and of the many around...
SensePost People News
Reading time:
~2 min
Posted
by Charl van der Walt
on
04 October 2012
We’re extremely proud to announce today the promotion of a number of key people here at SensePost. Shane Kemp, Daniel...
Snoopy: A distributed tracking and profiling framework
Reading time:
~17 min
Posted
by glenn
on
25 September 2012
At this year’s 44Con conference (held in London) Daniel and I introduced a project we had been working on for...
44Con: Vulnerability analysis of the .NET smart Card Operating System
Reading time:
~1 min
Posted
by behrang
on
10 September 2012
Today’s smart cards such as banking cards and smart corporate badges are capable of running multiple tiny applications which are...
Solution for the 44Con Challenge
Reading time:
Less than a minute
Posted
by junaid
on
03 September 2012
Last week, we published our 44Con “SillySIP” Challenge for free entry to our BlackOps training course at the 44Con conference...
44Con Challenge
Reading time:
~2 min
Posted
by junaid
on
24 August 2012
In a similar fashion to the BlackHat challenge held earlier this year, we’re giving away a free ticket to our...
Privilege Escalation in SQL Server (Depending on some dodgy requirements)
Reading time:
~3 min
Posted
by Ian de Villiers
on
08 August 2012
I was playing with a few SQL server idiosyncrasies more than a year ago before becoming so completely distracted with...
BlackOps – Post Exploitation Fun and Games
Reading time:
~2 min
Posted
by daniel
on
01 August 2012
Brilliant, the client has decided to implement their own CMS and you’ve found a variable that’s vulnerable to SQL injection....
Black Hat Training Classes Update
Reading time:
~2 min
Posted
by Charl van der Walt
on
13 July 2012
Hey All, We’re about locked and loaded down here in ZA – ready to tackle the looooong journey to Vegas...
Solution for the BlackHat Challenge
Reading time:
~4 min
Posted
by behrang
on
22 June 2012
We had published a network protocol analysis challenge for free entry to our BlackHat 2012 Vegas training courses and received...
BlackHat Challenge
Reading time:
~2 min
Posted
by behrang
on
14 June 2012
This year marks a special anniversary for us at SensePost in that we’ve been training at BlackHat for over a...
RSA SecureID software token update
Reading time:
~4 min
Posted
by behrang
on
24 May 2012
There has been a healthy reaction to our initial post on our research into the RSA SecureID Software Token. A...
A closer look into the RSA SecureID software token
Reading time:
~7 min
Posted
by behrang
on
17 May 2012
Widespread use of smart phones by employees to perform work related activities has introduced the idea of using these devices...
CREST South Africa? Let’s talk…
Reading time:
~1 min
Posted
by Charl van der Walt
on
09 May 2012
First, some background on CREST in the form of blatant plagiarism… CREST – The Council for Registered Ethical Security Testers...
ITWeb Security Summit 2012
Reading time:
~3 min
Posted
by Charl van der Walt
on
08 May 2012
This year, for the fourth time, myself and some others here at SensePost have worked together with the team from...
Pentesting in the spotlight – a view
Reading time:
~9 min
Posted
by Charl van der Walt
on
07 May 2012
As 44Con 2012 starts to gain momentum (we’ll be there again this time around) I was perusing some of the talks...
Pfortner calls on SensePost expertise to validate their security posture
Reading time:
~2 min
Posted
by Yvette du Toit
on
26 April 2012
Pretoria South Africa — SensePost, a leader in penetration testing and information security services, announced today that Pfortner had called...
Foot printing – Finding your target…
Reading time:
~15 min
Posted
by willem
on
08 March 2012
We were asked to contribute an article to PenTest magazine, and chose to write up an introductory how-to on footprinting....
Mobile Security – Observations from the developing world
Reading time:
~6 min
Posted
by Charl van der Walt
on
06 March 2012
By the year 2015 sub-Saharan Africa will have more people with mobile network access than with access to electricity at...
Hacking By Numbers – March 2012
Reading time:
~1 min
Posted
by Shane Kemp
on
22 February 2012
Our next locally scheduled training sessions have been planned for March. If you’re interested in attending, the dates and locations...