Our Blog
Systems Applications Proxy Pwnage
[2011/9/6 Edited to add Slideshare embed] I am currently in London at the first ever 44con conference. It’s been a fantastic experience so far – excellent talks & friendly people. Yesterday, I presented a paper titled “Systems Applications Proxy Pwnage” . The talk precis sums it up nicely: It has been common knowledge for a number of years that SAP GUI communicates using an unencrypted and compressed protocol by default,…
SensePost @ 44Con – Join us!
Until recently, there was a distinct lack of decent, high-quality technical security conferences held in the United Kingdom. Home to the Global Financial Centre, London, there isn’t a shortage of industries who require secure applications and rely on secure infrastructure and applications to operate. With this in mind, 44Con is the first combined information security conference and training event held in Central London. The con will provide business and technical tracks, aimed at…
Metricon6 Presentation
Dominic is currently in the air somewhere over the Atlantic, returning from a long trip that included BlackHat, DefCon and lastly Metricon6, where he spoke on a threat model approach that he has picked up and fleshed out. He has promised a full(er) write-up on his glorious return, however in the meantime his slides are below. An updated copy of the CTM tool is on the CTM page, as is…
BlackHat 2011 Presentation
On this past Thursday we spoke at BlackHat USA on Python Pickle. In the presentation, we covered approaches for implementing missing functionality in Pickle, automating the conversion of Python calls into Pickle opcodes, scenarios in which attacks are possible and guidelines for writing shellcode. Two tools were released: Converttopickle.py – automates conversion from Python-like statements into shellcode. Anapickle – helps with the creation of malicious pickles. Contains the shellcode library.…
Security Policies – Go Away
Security policies are necessary, but their focus is to the detriment of more important security tasks. If auditors had looked for trivial SQL injection on a companies front-page as hard as they have checked for security polices, then maybe our industry would be in a better place. I want to make this go away, I want to help you tick the box so you can focus on the real work.…
SensePost Black Hat Course Summary & chosing the right courses
As we draw nearer to Black Hat Vegas we get a lot of requests from people who need help choosing between one of our courses or the other. In order to provide people with a single, consolidated summary of all the courses we’ll be offering this year I’ve put together a rough summary doc that outlines all the courses and attempts to illustrate how they fit together. Get it here:…
House of Cards
In light of recent mass hacks (HBGary, Sony, Nintendo, etc) one would have thought that collectively, companies would take notice and at least be slightly more aware of the potential implications vulnerabilities in public-facing services could have. The problem appears to be that these hacks, and indeed hackers, aren’t that technically superior and more often than not, take advantage of simple flaws. Some flaws, like SQL injection, provide so much access…
Threat Modeling vs Information Classification
Over the last few years there has been a popular meme talking about information centric security as a new paradigm over vulnerability centric security. I’ve long struggled with the idea of information-centricity being successful, and in replying to a post by Rob Bainbridge, quickly jotted some of those problems down. In pre-summary, I’m still sceptical of information-classification approaches (or information-led control implementations) as I feel they target a theoretically sensible idea,…
From the International Conference on Cyber Conflict
The text that follows is a short statement I prepared for the press ahead of my presentation at the ‘The International Conference on Cyber Conflict’ (http://www.ccdcoe.org/ICCC/) in Tallinn, Estonia. It felt like I had very mixed response, so I’d be interested to hear what others think… Any opinion can only be understood if you also understand its context. Therefore, in order to understand the thinking that follows, you also have…
Hacking By Numbers: W^3 Edition
Well, we’re ramping up with the new Hacking By Numbers W^3 edition course we will be presenting at BlackHat Vegas this year. This course is a replacement for the Web2.0 course we successfully presented over the past three years and sports a whole bunch of new and improved practicals. We’ve also upped the technology being used and the presentation is chock-full of ASCII sheep… :) The new course is an…