Our Blog

Demonstrating ClickJacking with Jack

Reading time: ~3 min
Jack is a tool I created to help build Clickjacking PoCs. It uses basic HTML and JavaScript and can be...

DefCon 22 – Practical Aerial Hacking & Surveillance

Reading time: ~1 min
Hello from Las Vegas! Yesterday (ed: uh, last week, my bad) I gave a talk at DefCon 22 entitled ‘Practical...

SensePost partners with Paterva to offer improved security intelligence

Reading time: ~3 min
We’ve been big fans of Maltego and the team at Paterva for a very long time now, and we frequently...

The SensePost Academy: Wrecking Balls

Reading time: ~2 min
There is a serious skills shortage in our industry. There are just not enough skilled hackers out there to fill...

SensePost Challenge – Winners and Walkthrough

Reading time: ~10 min
We recently ran our Black Hat challenge where the ultimate prize was a seat on one of our training courses...

Hacking Challenge: Drive a tank through it

Reading time: ~1 min
At SensePost we get to enjoy some challenging assessments and do pretty epic things. Some days it feels like the...

Release the hounds! Snoopy 2.0

Reading time: ~5 min
Friday the 13th seemed like as good a date as any to release Snoopy 2.0 (aka snoopy-ng). For those in...

Using Maltego to explore threat & vulnerability data

Reading time: ~6 min
This blog post is about the process we went through trying to better interpret the masses of scan results that...

Associating an identity with HTTP requests – a Burp extension

Reading time: ~8 min
This is a tool that I have wanted to build for at least 5 years. Checking my archives, the earliest...

BootCamp Reloaded Infrastructure

Reading time: ~1 min
Why Infrastructure Hacking Isn’t Dead: If you work in IT Security you may have heard people utter the phrase,...

SenseCon 2014

Reading time: ~7 min
What originally started as one of those “hey, wouldn’t this be cool?” ideas, has blossomed into a yearly event for us...

Combat Reloaded

Reading time: ~2 min
The British Special Air Service (SAS) have a motto that’s rather fitting for their line of work – Who Dares...

Channel 4 – Mobile Phone Experiment

Reading time: ~2 min
This evening we were featured on Channel 4’s DataBaby segment (link to follow). Channel 4 bought several second-hand mobile...

Revisiting XXE and abusing protocols

Reading time: ~9 min
Recently a security researcher reported a bug in Facebook that could potentially allow Remote Code Execution (RCE). His writeup of...

January Get Fit Reversing Challenge

Reading time: ~4 min
Aah, January, a month where resolutions usually flare out spectacularly before we get back to the couch in February. We’d...