Our Blog


Pentesting Enterprise Infrastructure – Journeyman Level

Reading time: ~2 min
Sophisticated attacks aim to hide from endpoint solutions Advanced hacking. Expert approaches We are inundated by advanced this, expert that,...

Women’s Training Scholarship

Reading time: ~1 min
SensePost and BlackHat are proud to announce a new scholarship initiative for a woman in the information security field. The...

USaBUSe Linux updates

Reading time: ~6 min
(If you’re new to this project, read the intro first) For the past few months, I’ve been working on porting...

XRDP: Exploiting Unauthenticated X Windows Sessions

Reading time: ~9 min
In this blog post we are going to describe some tools we created to find and exploit unauthenticated X Windows sessions....

Rattler: Identifying and Exploiting DLL Preloading Vulnerabilities

Reading time: ~7 min
In this blog post I am going to describe a new tool (Rattler) that I have been working on and...

PwnBank en route to Vegas

Reading time: ~3 min
Everyone has a mobile phone (ok some have two) and the wealth of information people put into them is staggering....

DET – (extensible) Data Exfiltration Toolkit

Reading time: ~2 min
Often gaining access to a network is just the first step for a targeted attacker. Once inside, the goal is...

AutoDane at BSides Cape Town

Reading time: ~6 min
Given the prevalence of Microsoft Active Directory domains as the primary means of managing large corporate networks both globally and...

Improvements in Rogue AP attacks – MANA 1/2

Reading time: ~9 min
At Defcon 22 we presented several improvements in wifi rogue access point attacks. We entitled the talk “Manna from heaven”...

DefCon 22 – Practical Aerial Hacking & Surveillance

Reading time: ~1 min
Hello from Las Vegas! Yesterday (ed: uh, last week, my bad) I gave a talk at DefCon 22 entitled ‘Practical...

Botconf 2013

Reading time: ~2 min
Botconf’13, the “First botnet fighting conference” took place in Nantes, France from 5-6 December 2013. Botconf aimed to bring together...

RAT-a-tat-tat

Reading time: Less than a minute
Hey all, So following on from my talk (slides, video) I am releasing the NMAP service probes and the Poison...

Offence oriented defence

Reading time: ~3 min
We recently gave a talk at the ITWeb Security Summit entitled “Offense Oriented Defence”. The talk was targeted at defenders...

44CON 2013

Reading time: ~3 min
In one week, it’s 44CON time again! One of our favourite UK hacker cons. In keeping with our desire to...

BlackHat Conference: Z-Wave Security

Reading time: ~1 min
We are publishing the research paper and tool for our BlackHat 2013 USA talk on the Z-Wave proprietary wireless protocol...

Honey, I’m home!! – Hacking Z-Wave & other Black Hat news

Reading time: ~7 min
You’ve probably never thought of this, but the home automation market in the US was worth approximately $3.2 billion in...

Snoopy Release

Reading time: ~4 min
We blogged a little while back about the Snoopy demonstration given at 44Con London. A similar talk was given at...

Black Hat Training Classes Update

Reading time: ~2 min
Hey All, We’re about locked and loaded down here in ZA – ready to tackle the looooong journey to Vegas...

CREST South Africa? Let’s talk…

Reading time: ~1 min
First, some background on CREST in the form of blatant plagiarism… CREST – The Council for Registered Ethical Security Testers...

ITWeb Security Summit 2012

Reading time: ~3 min
This year, for the fourth time, myself and some others here at SensePost have worked together with the team from...

Pentesting in the spotlight – a view

Reading time: ~9 min
As 44Con 2012 starts to gain momentum (we’ll be there again this time around) I was perusing some of the talks...

Mobile Security Summit 2011

Reading time: ~1 min
This week, Charl van der Walt and I (Saurabh) spoke at Mobile Security Summit organized by IIR (http://www.iir.co.za/detail.php?e=2389). Charl was...

Metricon 2011 Summary

Reading time: ~5 min
[I originally wrote this blog entry on the plane returning from BlackHat, Defcon & Metricon, but forgot to publish it....

Black Hat Abu Dhabi && Cadet Online Edition

Reading time: ~1 min
Black Hat will host its second event in the Middle East in Abu Dhabi with a full contingent of selected...

Runtime analysis of Windows Phone 7 Applications

Reading time: ~2 min
Runtime analysis is an integral part of most application security assessment processes. Many powerful tools have been developed to perform...

SensePost @ 44Con – Join us!

Reading time: ~1 min
Until recently, there was a distinct lack of decent, high-quality technical security conferences held in the United Kingdom. Home to the...

SensePost Black Hat Course Summary & choosing the right courses

Reading time: ~1 min
As we draw nearer to Black Hat Vegas we get a lot of requests from people who need help choosing...

From the International Conference on Cyber Conflict

Reading time: ~9 min
The text that follows is a short statement I prepared for the press ahead of my presentation at the ‘The...

ITWeb Security Summit

Reading time: Less than a minute
The ITWeb Security Summit is creeping up on us again and will be happening on the 10-11th of May. This...

Black Hat Abu Dhabi – Full … NOT!

Reading time: Less than a minute
The bad news is that our course at Black Hat Abu Dhabi is completely full. The good news is …...

Gitex 2010 Dubai

Reading time: Less than a minute
At the invitation of the South African Department of Trade and Industry SensePost will form part of a South African...

Information Security South Africa (ISSA) 2010

Reading time: ~4 min
Last week we presented an invited talk at the ISSA conference on the topic of online privacy (embedded below, click...

Memcached talk update

Reading time: ~1 min
Wow. At some point our talk hit HackerNews and then SlashDot after swirling around the Twitters for a few days....

BlackHat Write-up: go-derper and mining memcaches

Reading time: ~7 min
[Update: Disclosure and other points discussed in a little more detail here.] Why memcached? At BlackHat USA last year we...

Go-derper: mining your memcacheds

Reading time: Less than a minute
Today at BlackHat USA 2010 we released a tool for manipulating memcached instances; we still need to write it up...

SensePost’s Training @ Black Hat Vegas ’10 (win something)

Reading time: ~1 min
After hearing our talk was accepted at BlackHat, we’re happy to announce that our training will be back for its...

SensePost at BlackHat USA 2010

Reading time: ~1 min
A brief update from South Africa on some recent talks as well as the upcoming BH USA: our talk proposal...

ITWeb Security Summit 2010 & Afterparty

Reading time: ~3 min
The ITWeb security summit is coming up next week from the 11th to 13th of May. This is a conference...

SensePost trains in Spain.

Reading time: Less than a minute
Hey everyone. We will once again be presenting our BootCamp training course at the BlackHat Europe Conference. It seems this...

26th Chaos Communication Congress..

Reading time: Less than a minute
is currently on in Berlin. As usual [it] looks like a blast, and as usual, media [is online] before the...

ZaCon – A con in need of a better tagline…

Reading time: Less than a minute
ZaCon came and went, “and a fun time was had by all!” The first run was a semi-cosy affair held...

Defcon-17 – Clobbering the Cloud

Reading time: Less than a minute
Our DC-17 video (of the “Clobbering the Cloud” talk) is now available on the new look DefCon download site:...

Fasm2009 – Videos online..

Reading time: Less than a minute
The “Fasm conference is an informal meeting of coders interested in x86 assembly programming.” Some of the videos can be...

BlackHat presentation demo vids: MobileMe

Reading time: ~3 min
[part 5 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal The final installment...

BlackHat presentation demo vids: Amazon

Reading time: ~8 min
[part 4 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal In the fourth...

BlackHat presentation demo vids: SalesForce Sifto

Reading time: ~5 min
[part 3 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal Our third video...

BlackHat presentation demo vids: SalesForce ClickJacking

Reading time: ~2 min
[part 2 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal The premise behind...

BlackHat presentation demo vids: SugarSync

Reading time: ~4 min
[part 1 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal We wanted to...

BlackHat presentation demo vids: Summary

Reading time: Less than a minute
Our BH09/DC17 presentation relied heavily on videos for the demos, and they’ve been blogged separately. Links below (will be made...

Clobbering the cloud slides

Reading time: Less than a minute
[updated: videos will be made available on this page] 140 slides in 75 minutes. They said it couldn’t be done…...

Wishlist for graduates

Reading time: ~4 min
We were invited to speak at the recent ISSA2009 conference in Joburg, a local mostly academic security conference and I...

Apple vs Microsoft as a malware target.. stop saying market share..

Reading time: ~6 min
I really enjoy listening to Mac Break Weekly.. Leo Laporte is an excellent host and i would tune in just...

Excellent paper from MSFT Research on inline proxies vs. SSL

Reading time: ~1 min
Ron Auger sent an email to the [WASC Mail list] on some fine work presented recently by Microsoft Research. The...

Ranum Reloaded..

Reading time: ~4 min
A little while back i commented on Marcus Ranum’s HiTB talk “Cyberwar is Bullshit!“. I ended the post with the...

!exploitable [Vuln finding freebie from MSFT]

Reading time: Less than a minute
Microsoft released !exploitable at CanSecWest this year. The debugger extension, and the accompanying slide deck can be found [here]. I...

Like deja-vu (all over again)

Reading time: ~1 min
Those of you who were around in 2001 will recall http://anti.security.is (anti-sec f.a.q).. The sentiment pops up periodically (in different...

CodeGate – 2009

Reading time: Less than a minute
[beistlabs] [CodeGate] has come and gone.. A nice writeup of the event can be found [here] with a pdf of...

Defcon 16 Videos Available..

Reading time: Less than a minute
Ok.. So The Dark Tangent announced this [a few days ago], but i felt it deserved mention because i was...

Cebit Expo 2009

Reading time: Less than a minute
SensePost have once again been invited to join the South African Department of Trade and Industry at Cebit, as one...

HITB08 – Marcus Ranum Keynote on CyberWar..

Reading time: ~1 min
I just managed to pull the HackintheBox torrents for their [2008 talks]. (SensePosters can grab a local copy [here]). I...

ITWeb Security Summit 2009 – CFP Deadline

Reading time: Less than a minute
I just wanted to remind everyone that the CFP for the 2009 ITWeb Security Summit closes on 26 Jan. We’re...

SensePost Training @ Black Hat DC

Reading time: Less than a minute
So… Black Hat DC is rushing at us like a speeding big… speeding thing. This is just a friendly a...

Don’t look now, but it seems they broke the Interwebs again..

Reading time: ~1 min
Those pesky hackers! Alex Sotirov (of heap feng shui fame, famous for breaking everything from Vista, to web browsers, to...

Ted Speaker List up and Free hackin9

Reading time: Less than a minute
(aka 2 completely unrelated topics) You can grab a free copy of the Hackin9 magazine [here] And you can view...

More Conn News – PCI Johannesburg

Reading time: Less than a minute
I got contacted the other day (via LinkedIn actually, which is a 1st for me) about a PCI conference some...

ITWeb Security Summit 2009 – CFP Reminder

Reading time: Less than a minute
I wanted to remind folk that the CFP for the ITWeb Security Summit closes on 26 Jan 2009. You can...

Microsoft BlueHat, Videos Posted

Reading time: Less than a minute
Microsoft has posted selected videos of the latest BlueHat talks [here]. It’s pretty cool that they are now releasing these...

ITWeb Security Summit 2009 – CFP Now Open

Reading time: ~1 min
A couple of months back SensePost were asked by a prominent South African media company to assist in the selection...

HITB08 Slides available..

Reading time: Less than a minute
Slides from the latest Hack in the Box conference [are available] [SensePost slides are listed as owing / not there...

OWASP NYC Talks Posted..

Reading time: Less than a minute
The full videos from the OWASP NYC Conf have been posted. At least one BlackHat re-run, but some look well...

BlackHat/DefCon 2008 – Tool Release(s)

Reading time: ~1 min
Hey guys.. Our BlackHat/Defcon talk this year featured a few tools that we promised to release.. The first tool, or...

BlackHat / DefCon 2008….

Reading time: Less than a minute
Hey guys.. Most of our BlackHat/Defcon team has arrived back home in one piece.. I landed with a fever and...

DefCon 16 – Hmm.. 2 of these talks seem familiar…

Reading time: Less than a minute
Some of the DC16 speaker summaries have been posted, and these 2 caught my eye: Time-Based Blind SQL Injection using...

2 Winning quotes..

Reading time: ~1 min
from the SourceBoston videos i blogged about: Dr Geer never disappoints, and kicked it off with the 4 rules on...

2 reasons to visit sourceboston.com (and 2 reasons to rejoice!)

Reading time: Less than a minute
SourceBoston completed its first conference earlier this month, and some of the slide decks and videos are up.. While the...

RE: Sensepost at Cebit 2008

Reading time: Less than a minute
“SensePost have once again been invited to join the South African Department of Trade and Industry at Cebit, as one...

HBN Bootcamp @ Black Hat

Reading time: ~1 min
Black Hat DC this year is supposed to be “a different kind of Black Hat”. There are four tracks over...

Rob Auger from OWASP/WASC/CGiSecurity on Timing..

Reading time: ~1 min
Rob had a rant on his site on the timing attack, with a CSRF twist.. We met him after our...

Defcon talks – Videos available online..

Reading time: Less than a minute
A recent maillist thread shows that the DC15 videos are now available online [here] Our video (although my voice sounded...

Thunks from hacking games

Reading time: ~8 min
In Vegas I bought Herman “Exploiting Online Games” by Greg Hoglund and Gary McGraw. Being the saint that I am,...

On hamsters, Escaping, Escaping of Hamsters and the Lack of escaping in Hamster…

Reading time: ~5 min
OK.. So as i mentioned before, I saw Robert Graham from Erratasec demo hamster live on stage and wondered if...

mh.blackhatFeedback(Side-jacking, Hamster)

Reading time: ~2 min
Ok.. so it’s a lot later than i promised, but i did mention that i would post some feedback on...

F(inally)ull Release of BlackHat-Defcon Timing Stuff..

Reading time: ~2 min
The slides | tool | paper from BlackHat07/DefCon07 have been posted online for your wget’ing pleasure. More details on squeeza...

BlackHat Roundup – Ajax and h.323 and iax

Reading time: ~4 min
The bulk of security research pertaining to VoIP call control, setup and signaling protocols has focused on the Session Initiation...

Squeeza: The SQL Injection Future?

Reading time: Less than a minute
During our talk we demo’d squeeza.. We will link to the slides and .ppt as soon as we can, but...

Late BlackHat Update..

Reading time: ~1 min
ok.. so im in my room finally catching up on sleep (or will be in a few minutes) while most...

BlackHat Progress Report

Reading time: ~1 min
(always wanted to say that!) 2 SensePost Training sessions are over, and as i type The weekday sessions are at...

BlackHat, DefCon, Las Vegas

Reading time: Less than a minute
Ok.. so the 2nd plane with SensePost’ers has touched down in LasVegas and the first cheeze-pizza from the caesars food...

Viva Las Vegas!

Reading time: Less than a minute
BlackHat Vegas is almost on us again, and this will be the 6th year running that we present there.. This...

CSI Corporate Threat Modeling Talk

Reading time: ~1 min
Whew. After much last-minute war with PPT C# and ORM our slides and Beta 1.0 of our tool are available...

Threat Modelling Talk at CSI Phoenix

Reading time: ~1 min
After a six hour delay due to technical problems *before* my journey even started I’m finally on the plane and...