Our Blog

Abusing File Converters

Reading time: ~3 min
Every now and then you run into a new file format and you find that you may not have a...

[Another] Intercepting Proxy

Reading time: ~6 min
But, Websockets! The last week I was stuck on a web-app assessment where everything was new-age HTML5, with AngularJS and...

Break the Web at BlackHat Singapore

Reading time: ~2 min
Web application security training in 2015? It’s a valid question we get asked sometimes. With the amount of books available...

SensePost Challenge – Winners and Walkthrough

Reading time: ~10 min
We recently ran our Black Hat challenge where the ultimate prize was a seat on one of our training courses...

Associating an identity with HTTP requests – a Burp extension

Reading time: ~8 min
This is a tool that I have wanted to build for at least 5 years. Checking my archives, the earliest...

Revisiting XXE and abusing protocols

Reading time: ~9 min
Recently a security researcher reported a bug in Facebook that could potentially allow Remote Code Execution (RCE). His writeup of...

Vanilla SQL Injection is oh-so-90’s…wait…is it? (Jackin the K)

Reading time: ~1 min
aka.. Someone put the hurtski on Kaspersky.. The Twitters (via XSSniper and others) and the Interwebs were ablaze with news on...

AppleScript for HTTP BruteForcing..

Reading time: ~2 min
A long time ago I blogged on the joys of using VBS to automate bruteforcing [1|2] when one didn't want to...

Rob Auger from OWASP/WASC/CGiSecurity on Timing..

Reading time: ~1 min
Rob had a rant on his site on the timing attack, with a CSRF twist.. We met him after our...

BotNets not just for SPAM any more

Reading time: Less than a minute
The Symantec Security blog has an article titled “Botnets: not just for spamming anymore”. Interestingly we are now starting to...

Re: Jeremiah Grossman's “How to find your websites”

Reading time: ~3 min
Jeremiah from WhiteHatSec has just written a quick piece on how to find your websites. Now footprinting is obviously dear...