Our Blog

Dangers of Custom ASP.NET HttpHandlers

Reading time: ~2 min
ASP.NET HttpHandlers are interesting components of a .NET web application when performing security assessments, mainly due to the fact they...

Snoopy Release

Reading time: ~4 min
We blogged a little while back about the Snoopy demonstration given at 44Con London. A similar talk was given at...

SensePost Hackathon 2012

Reading time: ~5 min
Last month saw the inaugural SensePost hackathon happen in our new offices in Brooklyn, South Africa. It was the first...

Skype Passive IP Disclosure Vulnerability

Reading time: ~2 min
When performing spear phishing attacks, the more information you have at your disposal, the better. One tactic we thought useful...

T-Shirt Shell Competition

Reading time: ~3 min
For our internal hackathon, we wanted to produce some shirts. We ran a competition to see who could produce a...

HTTPS via WinAPI

Reading time: ~1 min
Hijacking SSL sessions initiated by the browser is a trivial task. The challenge comes when trying to intercept SSL traffic...

CSIR Cyber Games

Reading time: ~4 min
The Council for Scientific and Industrial Research (CSIR) recently hosted the nation Cyber Games Challenge as part of Cyber Security Awareness month....

Charity Drive – Antarctica Expedition

Reading time: ~3 min
Like many businesses we at SensePost are aware of how fortunate we are and of the many around...

SensePost People News

Reading time: ~2 min
We’re extremely proud to announce today the promotion of a number of key people here at SensePost. Shane Kemp, Daniel...

Snoopy: A distributed tracking and profiling framework

Reading time: ~17 min
At this year’s 44Con conference (held in London) Daniel and I introduced a project we had been working on for...

44Con: Vulnerability analysis of the .NET smart Card Operating System

Reading time: ~1 min
Today’s smart cards such as banking cards and smart corporate badges are capable of running multiple tiny applications which are...

Solution for the 44Con Challenge

Reading time: Less than a minute
Last week, we published our 44Con “SillySIP” Challenge for free entry to our BlackOps training course at the 44Con conference...

44Con Challenge

Reading time: ~2 min
In a similar fashion to the BlackHat challenge held earlier this year, we’re giving away a free ticket to our...

Privilege Escalation in SQL Server (Depending on some dodgy requirements)

Reading time: ~3 min
I was playing with a few SQL server idiosyncrasies more than a year ago before becoming so completely distracted with...

BlackOps – Post Exploitation Fun and Games

Reading time: ~2 min
Brilliant, the client has decided to implement their own CMS and you’ve found a variable that’s vulnerable to SQL injection....

Black Hat Training Classes Update

Reading time: ~2 min
Hey All, We’re about locked and loaded down here in ZA – ready to tackle the looooong journey to Vegas...

Solution for the BlackHat Challenge

Reading time: ~4 min
We had published a network protocol analysis challenge for free entry to our BlackHat 2012 Vegas training courses and received...

BlackHat Challenge

Reading time: ~2 min
This year marks a special anniversary for us at SensePost in that we’ve been training at BlackHat for over a...

RSA SecureID software token update

Reading time: ~4 min
There has been a healthy reaction to our initial post on our research into the RSA SecureID Software Token. A...

A closer look into the RSA SecureID software token

Reading time: ~7 min
Widespread use of smart phones by employees to perform work related activities has introduced the idea of using these devices...

CREST South Africa? Let’s talk…

Reading time: ~1 min
First, some background on CREST in the form of blatant plagiarism… CREST – The Council for Registered Ethical Security Testers...

ITWeb Security Summit 2012

Reading time: ~3 min
This year, for the fourth time, myself and some others here at SensePost have worked together with the team from...

Pentesting in the spotlight – a view

Reading time: ~9 min
As 44Con 2012 starts to gain momentum (we’ll be there again this time around) I was perusing some of the talks...

Pfortner calls on SensePost expertise to validate their security posture

Reading time: ~2 min
Pretoria South Africa — SensePost, a leader in penetration testing and information security services, announced today that Pfortner had called...

Foot printing – Finding your target…

Reading time: ~15 min
We were asked to contribute an article to PenTest magazine, and chose to write up an introductory how-to on footprinting....

Mobile Security – Observations from the developing world

Reading time: ~6 min
By the year 2015 sub-Saharan Africa will have more people with mobile network access than with access to electricity at...

Hacking By Numbers – March 2012

Reading time: ~1 min
Our next locally scheduled training sessions have been planned for March. If you’re interested in attending, the dates and locations...