Our Blog

XRDP: Exploiting Unauthenticated X Windows Sessions

Reading time: ~9 min
In this blog post we are going to describe some tools we created to find and exploit unauthenticated X Windows sessions....

BSides Cape Town Secret Squirrel Challenge Write-Up

Reading time: ~6 min
Last weekend was the BSides Cape Town conference, currently ZA’s only hacker con. It’s a cool little con with big...

Rattler: Identifying and Exploiting DLL Preloading Vulnerabilities

Reading time: ~8 min
In this blog post I am going to describe a new tool (Rattler) that I have been working on and...

Intercepting passwords with Empire and winning!

Reading time: ~6 min
“This is my password,” said the King as he drew his sword. “The light is dawning, the lie broken. Now...

Kwetza: Infecting Android Applications

Reading time: ~13 min
This blog post describes a method for backdooring Android executables. After describing the manual step, I will show how to...

Snoopy with Mana

Reading time: ~4 min
In 2011 Glenn and Daniel released Snoopy, a set of tools for tracking and visualising wireless client activity. However, the Snoopy...

What to look for in a training provider

Reading time: ~6 min
In the last few years, the infosec training scene has exploded. Arguably, the largest training provider is Blackhat, and in...

MAPI over HTTP and Mailrule Pwnage

Reading time: ~8 min
History: In December 2015 Silent Break Security wrote about “Malicious Outlook Rules” and using these to get a remote shell....

Universal Serial aBUSe

Reading time: ~15 min
Last Saturday, at Defcon 24, we gave a talk entitled “Universal Serial aBUSe: Remote Physical Access Attacks” about some research...

SensePost at Blackhat & Defcon 2016

Reading time: ~2 min
The annual Hacker Summer Camp is nearly upon us, everyone at SensePost is getting ready. This is a brief overview...

PwnBank en route to Vegas

Reading time: ~3 min
Everyone has a mobile phone (ok some have two) and the wealth of information people put into them is staggering....

PowerShell, C-Sharp and DDE The Power Within

Reading time: ~6 min
aka Exploiting MS16-032 via Excel DDE without macros. The modified exploit script and video are at the end. A while...

Handling Randomised MAC Addresses in MANA

Reading time: ~3 min
mana development has been chugging along nicely. However, the OffSec crew politely asked us to move mana to proper releases...

Where SensePost meets the real world

Reading time: ~5 min
SensePost Training at Blackhat USA: What is SensePost infrastructure training about and what does it give you as a novice pentester?...

Not-quite-triangulation using the who’s near me feature in location-aware web apps

Reading time: ~3 min
When assessing web applications, we typically look for vulnerabilities such as SQLi and XSS, which are generally a result of...

Too Easy – Adding Root CAs to iOS Devices

Reading time: ~8 min
With the recent buzz around the iMessage crypto bug from the Johns Hopkins team, several people pointed out that you...

DET – (extensible) Data Exfiltration Toolkit

Reading time: ~2 min
Often gaining access to a network is just the first step for a targeted attacker. Once inside, the goal is...

Advanced Cycript and Substrate

Reading time: ~9 min
Mobile assessments are always fun as the environment is constantly evolving. A recent trend has been the use of custom...

Android hooking with Introspy

Reading time: ~8 min
Here’s my first blog where I’ll try to write up how I’ve managed to set up the Introspy framework for...

Understanding Locky

Reading time: ~10 min
A few days ago I was asked to have a look at the newly emerged crypto-ransomware threat “Locky” which utilises Dridex-like Command and Control...

Bringing the hashes home with reGeorg & Empire

Reading time: ~4 min
“It’s not a hack until you are 3 tunnels deep” – Ian de Villiers. External assessments. It’s about not only...

SensePost Maltego Toolkit: Skyper

Reading time: ~4 min
Collecting and performing Open Source Intelligence (OSINT) campaigns from a wide array of public sources means ensuring your sources contain...