Our Blog

A distinguisher for SHA256 using Bitcoin (mining faster along the way)

Reading time: ~5 min
This post assumes a passing familiarity with what a Distinguishing Attack on a cryptographic hash is, as well as the...

Recreating certificates using Apostille

Reading time: ~3 min
Sometimes on an engagement, you’d like to construct a believable certificate chain, that you have the matching private keys for....

BlackHat Conference: Z-Wave Security

Reading time: ~1 min
We are publishing the research paper and tool for our BlackHat 2013 USA talk on the Z-Wave proprietary wireless protocol...

Solution for the BlackHat Challenge

Reading time: ~4 min
We had published a network protocol analysis challenge for free entry to our BlackHat 2012 Vegas training courses and received...

BlackHat Challenge

Reading time: ~2 min
This year marks a special anniversary for us at SensePost in that we’ve been training at BlackHat for over a...

Decrypting iPhone Apps

Reading time: ~7 min
This blog post steps through how to convert encrypted iPhone application bundles into plaintext application bundles that are easier to...

Decrypting Symantec BackupExec passwords

Reading time: ~1 min
BackupExec agent is often among common services found on the internal pen tests. The agent software stores an encrypted “logon...

Two quick links on “how your app got hacked, even though it looked ok”

Reading time: Less than a minute
The first one from hacker news, aptly titled “How I Hacked Hacker News (with arc security advisory)” and the 2nd,...

Chris Eng 1 – 0 Verizon DBIR Cover

Reading time: Less than a minute
Chris Eng over [at the Veracode blog] documents how he approached, and decoded the info behind the [2009 Verizon Data...