Our Blog

R5000 ZA research prize to be presented at B-Sides Cape Town, nominations sought

SensePost is proud to announce a competition to identify the best information security research published by a resident of South Africa in 2011 (Jan 1st to Dec 3rd). Much security research is unfunded and private but, when published, enters the toolsets and minds of security companies worldwide. South Africa’s security industry is best described as “fledgling”, and we want to support researchers who produce quality research. Heads up: even if you’re…

Mobile Security Summit 2011

This week, Charl van der Walt and I (Saurabh) spoke at the Mobile Security Summit organised by IIR (http://www.iir.co.za/detail.php?e=2389). Charl was the keynote speaker and presented his insight on the impact of the adoption of mobile devices throughout Africa and the subsequent rise of security-related risks. During his talk, he addressed the following: understanding the need for mobile security to be taken seriously in Africa; analysing the broader implications for…

Squinting at Security Drivers and Perspective-based Biases

While doing some thinking on threat modelling I started examining what the usual drivers of security spend and controls are in an organisation. I’ve spent some time on multiple fronts: security management (been audited, had CIOs push for priorities), security auditing (followed workpapers and audit plans), pentesting (broke in however we could) and security consulting (tried to help people fix stuff), and even dabbled with trying to sell some security…

Metricon 2011 Summary

[I originally wrote this blog entry on the plane returning from BlackHat, Defcon & Metricon, but forgot to publish it. I think the content is still interesting, so, sorry for the late entry :)] I’ve just returned after a 31-hour transit from our annual US trip. Vegas, training, BlackHat & Defcon were great; it was good to see friends we only get to see a few times a year, and make…

Decrypting iPhone Apps

This blog post steps through how to convert encrypted iPhone application bundles into plaintext application bundles that are easier to analyse. Requirements: 1) a jailbroken iPhone with OpenSSH, gdb and other utilities (com.ericasadun.utilities, etc.); 2) an iPhone app; 3) on your machine: otool (comes with the iPhone SDK), a hex editor (0xED, HexWorkshop, etc.) and IDA – versions 5.2 through 5.6 support remote debugging of iPhone applications (iphone_server). For this article, I will…

Be Inspired

Talented. Innovative. Quality-driven. Forward-thinking. Trusted advisors. And … simply good fun! These are all phrases associated with SensePost. Do you think you have what it takes to become part of our expanding GLOBAL team? We are looking for more security assessment consultants to join us in the UK and South Africa. Security assessments are what we live and breathe – whether it’s foot-printing and obtaining enterprise domain admin rights on…

Press Release – Jane Frankland joins SensePost

The SensePost marketing division, a highly skilled team of ruthless spin-doctors, is proud to announce that they have written … a press release. Indeed, this team of fawners, flunkeys, lackeys and puffers has been slaving since early 2009 to come up with the pristine example of literary art you will read below. If you’re intimidated by what I’ve just said, harbour a fanatical dislike for marketing folks or simply don’t read…

Black Hat Abu Dhabi && Cadet Online Edition

Black Hat will host its second event in the Middle East in Abu Dhabi with a full contingent of selected Training and three tracks of Briefings over four days, from 12 to 15 December 2011. We’re pleased to announce that SensePost will be back again this year with our exciting new Wi-Fi hacking course – Hacking By Numbers, Unplugged Edition, launched for the first time in Las Vegas this…

Runtime analysis of Windows Phone 7 Applications

Runtime analysis is an integral part of most application security assessment processes. Many powerful tools have been developed to perform execution/data flow analysis and code debugging for desktop and server operating systems. Although a few dynamic analysis tools such as DroidBox are available for Android, I currently know of no similar public tools for the Windows Phone 7 platform. The main challenge for Windows Phone 7 is the lack of…

Hacking Online Auctions – UnCon && ITWeb talk

I gave an updated version of my ‘Hacking Online Auctions’ talk at UnCon in London last week. The talk gave a brief intro to general auction theory and how the models can be applied online, but the main focus was on ‘penny auction’ websites. What are those all about then? Well, during my Master’s last year I took a course on Internet Economics, and one of the modules involved auction…