Our Blog

(local) AutoResponder

Reading time: ~1 min
When doing internals, usually an easy first step is to use Responder and wait to retrieve NTLM hashes, cracking them and...

AutoDane at BSides Cape Town

Reading time: ~6 min
Given the prevalence of Microsoft Active Directory domains as the primary means of managing large corporate networks both globally and...

Into The Cloud

Reading time: ~12 min
SensePost Training in the Cloud Picture this. Every year, a group of Plakkers (our nickname for those who work at...

Wadi Fuzzer

Reading time: ~18 min
“Operating system facilities, such as the kernel and utility programs, are typically assumed to be reliable. In our recent experiments,...

Abusing File Converters

Reading time: ~3 min
Every now and then you run into a new file format and you find that you may not have a...

Hi Jack!

Reading time: ~2 min
No, this post is not about a Leon Schuster comedic skit from the early 90’s, YouTube reference here -> https://www.youtube.com/watch?v=JzoUBvdEk1k To...

[Another] Intercepting Proxy

Reading time: ~6 min
But, Websockets! The last week I was stuck on a web-app assessment where everything was new-age HTML5, with AngularJS and...

WiFi De-authentication Rifle:

Reading time: ~5 min
Wireless: it’s everywhere these days and yet owning it never gets boring. As part of our annual SensePost hackathon, where...

Mobile Application Bootcamp – Journeyman Level – Black Hat Vegas 2015

Reading time: ~2 min
Mobile Course, O RLY? The mobile app market, and app usage, grew 76% in 2014 [1]. From shopping, utilities, productivity...

Running sslscan on 5k servers taken from Alexa’s top 10k

Reading time: ~1 min
Transport layer security has had a rough ride recently, with a number of vulnerabilities being reported. At a time when...

We need you to analyse the threats

Reading time: ~1 min
Our Intelligence service team is growing and we are looking for a Threat Analyst to join us. Not only is...

Maltego Webinar Series: Episode 01, Introduction

Reading time: Less than a minute
Hello Internet, We’re going to be hosting monthly Maltego webinar sessions, and our first one is this Friday (24th April)!...

Lovely Pwnies – Twitter Monitor

Reading time: Less than a minute
Recently there were revelations about a GCHQ initiative called ‘Lovely Horses’ to monitor certain hackers’ Twitter handles. The guys over...

Break the Web at BlackHat Singapore

Reading time: ~2 min
Web application security training in 2015? It’s a valid question we get asked sometimes. With the amount of books available...

SensePost Training

Reading time: ~3 min
Over those years, we’ve trained thousands of students in the art of offensive and defensive security through our Hacking by...

Improvements in Rogue AP attacks – MANA 1/2

Reading time: ~9 min
At Defcon 22 we presented several improvements in wifi rogue access point attacks. We entitled the talk “Manna from heaven”...

Commercial Snoopy Launch! [ ShadowLightly ]

Reading time: ~1 min
Hello world! We’ve been busy squirrelling away on a much requested project – a commercial Snoopy offering. We’ve called it...