Our Blog

Demonstrating ClickJacking with Jack

Reading time: ~3 min
Posted by chris on 15 September 2014
Categories: Clickjacking, Tools, #legit
Jack is a tool I created to help build Clickjacking PoC’s. It uses basic HTML and Javascript and can be...

DefCon 22 – Practical Aerial Hacking & Surveillance

Reading time: ~1 min
Posted by glenn on 10 August 2014
Categories: Conferences, Defcon
Hello from Las Vegas! Yesterday (ed: uh, last week, my bad) I gave a talk at DefCon 22 entitled ‘Practical...

SensePost partners with Paterva to offer improved security intelligence

Reading time: ~3 min
Posted by Charl van der Walt on 04 August 2014
Categories: About:us, Maltego, Press release
We’ve been big fans of Maltego and the team at Paterva for a very long time now,  and we frequently...

The SensePost Academy: Wrecking Balls

Reading time: ~2 min
Posted by daniel on 27 June 2014
Categories: Interns
There is a serious skills shortage in our industry. There are just not enough skilled hackers out there to fill...

SensePost Challenge – Winners and Walkthrough

Reading time: ~10 min
Posted by etienne on 27 June 2014
Categories: Blackhat, Challenge, Howto, Webapps
We recently ran our Black Hat challenge where the ultimate prize was a seat on one of our training courses...

Hacking Challenge: Drive a tank through it

Reading time: ~1 min
Posted by etienne on 19 June 2014
Categories: Blackhat, Challenge
At SensePost we get to enjoy some challenging assessments and do pretty epic things.  Some days it feels like the...

Release the hounds! Snoopy 2.0

Reading time: ~5 min
Posted by glenn on 13 June 2014
Categories: Presentations, Python, Research
Friday the 13th seemed like as good a date as any to release Snoopy 2.0 (aka snoopy-ng). For those in...

Using Maltego to explore threat & vulnerability data

Reading time: ~6 min
Posted by glenn on 06 June 2014
Categories: Analysis, Broadview
This blog post is about the process we went through trying to better interpret the masses of scan results that...

Associating an identity with HTTP requests – a Burp extension

Reading time: ~8 min
Posted by Rogan Dawes on 05 June 2014
Categories: Analysis, Build-it, Tools, Webapps
This is a tool that I have wanted to build for at least 5 years. Checking my archives, the earliest...

BootCamp Reloaded Infrastructure

Reading time: ~1 min
Posted by george on 13 May 2014
Categories: Training
  Why Infrastructure Hacking Isn’t Dead If you work in IT Security you may have heard people utter the phrase,...

SenseCon 2014

Reading time: ~7 min
Posted by daniel on 07 April 2014
Categories: Fun, Research
What originally started as one of those “hey, wouldn’t this be cool?” ideas, has blossomed into a yearly event for us...

Combat Reloaded

Reading time: ~2 min
Posted by daniel on 02 April 2014
Categories: Training
The British Special Air Service (SAS) have a motto that’s rather fitting for their line of work – Who Dares...

Channel 4 – Mobile Phone Experiment

Reading time: ~2 min
Posted by glenn on 06 February 2014
Categories: Mobile, Programming
This evening we were featured on Channel 4’s DataBaby segment (link to follow). Channel 4 bought several second hand mobile...

Revisting XXE and abusing protocols

Reading time: ~9 min
Posted by etienne on 28 January 2014
Categories: Real-world, Webapps, Xml
Recently a security researcher reported a bug in Facebook that could potentially allow Remote Code Execution (RCE). His writeup of...

January Get Fit Reversing Challenge

Reading time: ~4 min
Posted by siavosh on 17 January 2014
Categories: Fun, Research, Reversing
Aah, January, a month where resolutions usually flare out spectacularly before we get back to the couch in February. We’d...