SensePost | Blog | Programming

Serial PitM

Reading time: ~20 min

Posted by Rogan Dawes on 06 February 2024

Categories: Hardware, Mitm, Programming, Techniques, Tool

Sometimes you need to get in the way of a hardware device and its controller, and see what it has...

Left To My Own Devices – Fast NTCracking in Rust

Reading time: ~17 min

Posted by Dominic White on 16 February 2022

Categories: Cracking, Hashcat, Ntlm, Programming, Rust, Performance

When I got a new MacBook with an M1 Pro chip, I was excited to see the performance benefits. The...

USaBUSe Linux updates

Reading time: ~6 min

Posted by Rogan Dawes on 10 March 2017

Categories: Abuse, Backdoor, Build-it, Conferences, Empire, Exploit, Hardware, Internals, Linux, Metasploit, Programming, Real-world, Research, Shells, Tunnelling

(If you’re new to this project, read the intro first) For the past few months, I’ve been working on porting...

Channel 4 – Mobile Phone Experiment

Reading time: ~2 min

Posted by glenn on 06 February 2014

Categories: Mobile, Programming

This evening we were featured on Channel 4’s DataBaby segment (link to follow). Channel 4 bought several second hand mobile...

RAT-a-tat-tat

Reading time: Less than a minute

Posted by jeremy on 22 November 2013

Categories: Conferences, Defense, Malware analysis, Nmap, Presentations, Programming

Hey all, So following on from my talk (slides, video) I am releasing the NMAP service probes and the Poison...

Offence oriented defence

Reading time: ~3 min

Posted by Dominic White on 06 September 2013

Categories: Conferences, Defense, Presentations, Product, Programming

We recently gave a talk at the ITWeb Security Summit entitled “Offense Oriented Defence”. The talk was targeted at defenders...

A software level analysis of TrustZone OS and Trustlets in Samsung Galaxy Phone

Reading time: ~15 min

Posted by behrang on 04 June 2013

Categories: Mobile, Programming, Python

Introduction: New types of mobile applications based on Trusted Execution Environments (TEE) and most notably ARM TrustZone micro-kernels are emerging which...

Stay low, move fast, shoot first, die last, one shot, one kill, no luck, pure skill …

Reading time: ~2 min

Posted by george on 23 May 2013

Categories: Blackhat, Programming

We’re excited to be presenting our Hacking By Numbers Combat course again at Black Hat USA this year. SensePost’s resident...

Windows Domain Privilege Escalation : Implementing PSLoggedOn in Metasploit (+ a bonus history module)

Reading time: ~3 min

Posted by etienne on 22 April 2013

Categories: Howto, Metasploit, Pentest, Programming

There are multiple paths one could take to getting Domain Admin on a Microsoft Windows Active Directory Domain. One common...

Google Docs XSS – no bounty today

Reading time: ~3 min

Posted by inaki on 04 March 2013

Categories: Programming, Python, Google, Vulnerability

A few days ago, during one of those nights with the baby crying at 2:00 am and the only thing...

Poking Around in Android Memory

Reading time: ~5 min

Posted by etienne on 11 February 2013

Categories: Memory analysis, Mobile, Programming

Taking inspiration from Vlad’s post I’ve been playing around with alternate means of viewing traffic/data generated by Android apps. The...

T-Shirt Shell Competition

Reading time: ~3 min

Posted by Dominic White on 23 November 2012

Categories: Fun, Post-exploitation, Programming, Shells

For our internal hackathon, we wanted to produce some shirts. We ran a competition to see who could produce a...

Solution for the 44Con Challenge

Reading time: Less than a minute

Posted by junaid on 03 September 2012

Categories: 44con, Metasploit, Programming, Solution, Training

Last week, we published our 44Con “SillySIP” Challenge for free entry to our BlackOps training course at the 44Con conference...

44Con Challenge

Reading time: ~2 min

Posted by junaid on 24 August 2012

Categories: 44con, Metasploit, Programming, Training

In a similar fashion to the BlackHat challenge held earlier this year, we’re giving away a free ticket to our...

Solution for the BlackHat Challenge

Reading time: ~4 min

Posted by behrang on 22 June 2012

Categories: Blackhat, Crypto, Programming

We had published a network protocol analysis challenge for free entry to our BlackHat 2012 Vegas training courses and received...

BlackHat Challenge

Reading time: ~2 min

Posted by behrang on 14 June 2012

Categories: Blackhat, Crypto, Materials, Programming, Training

This year marks a special anniversary for us at SensePost in that we’ve been training at BlackHat for over a...

Preflighting Application Error (0xE800000*) on iPhones

Reading time: Less than a minute

Posted by Haroon Meer on 04 November 2008

Categories: Programming

For those writing apps for the iPhone, you have a good chance of bumping into the highly annoying preflighting application...

Lets hope it does better than netsec.reddit..

Reading time: Less than a minute

Posted by Haroon Meer on 11 September 2008

Categories: Programming, Reversing

Introducing [http://www.reddit.com/r/ReverseEngineering/] (like its name suggests, a reddit thats all about Code RE..)

Another time sink-hole..

Reading time: Less than a minute

Posted by Haroon Meer on 29 December 2007

Categories: Fun, Programming, Training

A while back some of us discovered and subsequently lost days to “The Python Challenge“. Well.. prepare to write off...

MSDN Mag – Security Edition is out..

Reading time: Less than a minute

Posted by Haroon Meer on 16 October 2007

Categories: Programming, Readme

The November edition of MSDN magazine [is available] and is another security issue.. The articles look interesting, and if you...

Ok.. Now this is pretty cool…

Reading time: Less than a minute

Posted by Haroon Meer on 22 August 2007

Categories: Fun, Programming

For all those guys who usually scoff at CSI / Police Movies where the detective shouts “enhance image” or remove...

Our Blog