Gareth linked to David Maynor’s blog where he documents the results of some simple fuzzing against the new Win32 port of Safari. Of course fanboys everywhere are going to be on this one like,...

Whew. After much last-minute war with PPT C# and ORM our slides and Beta 1.0 of our tool are available on our research site. I think the slides are pretty neat, and I’m *very* excited about the...

BlackHat Vegas is almost on us again, and this will be the 6th year running that we present there.. This year Marco and i will be taking a new look at some old attacks.. The bulk of the talk will...

Mark Shuttleworth on his blog makes it clear -snip- “We have declined to discuss any agreement with Microsoft under the threat of unspecified patent infringements.” … I have no objections to...

First IBM announced their interest in Watchfire, and now HP announces their interest in SPI Dynamics. “Consolidation in the industry” is one of those horrible phrases that are always bandied about...

Many years ago, when we first released ‘Setiri’ one of the controls that we preached was website white-listing. As talk-back trojans would connect back to arbitrary web servers on the Internet, we...

The Black Hat Briefings is arguably the most significant technical security conference in the world. It takes every year in Las Vegas and also includes a series of diverse technical training...

A short while back, a discussion broke out on a mailing list about the nature of being a pen-tester. The discussion quickly gravitated towards the number of “security” companies where numbers of...

Richard Bejtlich didnt give the pre-release a glowing review but i know at least a few people waiting eagerly to get their hands on the new “Fuzzing: Brute Force Vulnerability Discovery by Michael...

Someone in the office was discussing Microsoft’s recent horrible foray into the anti-virus market. Apparently an online source held one-care as faring worse than a simple man with a perl script. A...

ok.. some of you in the office would have heard me whine when vmware fusion recently started taking my whole machine down occasionally. The joy of it being the whole machine is that ive lost my...

hmmm… i have heard this somewhere before…. ” However, in cases where your finger is used to identify or authenticate you, it’s much harder to change your password. ” /mh

Google have finally revised their cookie expiration policy, which will have user cookies expiring after 2 years. (For those of you who think this is too long, it needs to be kept in mind that this...

Deels stumbled on www.simpsonizeme.com to give me mh, the springfield edition.. Combine with your intranet mug-shots, and it could give you hours of lost productivity..

A little while back we published our first public QoW for your abuse and enjoyment, and the time to close it is ………. now. The new QoW is available here. Thanks for the efforts; we received a fair...

Ok.. so the 2nd plane with SensePost’ers has touched down in LasVegas and the first cheeze-pizza from the caesars food court has been consumed.. So little changes in caesars that it always adds to...

(always wanted to say that!) 2 SensePost Training sessions are over, and as i type The weekday sessions are at about 50%. Feedback so far has been pretty cool and its been fun to meet new people /...

During our talk we demo’d squeeza.. We will link to the slides and .ppt as soon as we can, but have been getting a few requests already for the code, so here it is.. For those who missed the talk,...

The bulk of security research pertaining to VoIP call control, setup and signaling protocols has focused on the Session Initiation Protocol (SIP), due to the ubiquity and widespread adoption of...

Spock have just opened up beyond their private beta and promise to be the most comprehensive people search tool on the interwebs.. Their model is interesting because they aim to combine wikipedia...

The slides | tool | paper from BlackHat07/DefCon07 have been posted online for your wget’ing pleasure. More details on squeeza (the tool) can be found on the squeeza page, but in a nutshell is a...

I meant to blog this whilst I was still in Vegas, but only got around to it now. Its arb, but worth a bit of thinking… Kenneth Geers’ talk titled ‘Greetz from Room 101’ was on which countries have...

Ok.. so its a lot later than i promised, but i did mention that i would post some feedback on some of the talks i ended up catching at this years BlackHat. By far the talk that grabbed the most...

OK.. So as i mentioned before, I saw Robert Graham from Erratasec demo hamster live on stage and wondered if hamster was doing useful input/output sanitization.. If it wasn’t, he was setting...

SensePost is an exciting & dynamic young company with strong values & a world vision. We specialize in high-end technical security services & we’re looking for exceptional people to help grow our...

Hernan Ochoa from Core has released the Pass the Hash Toolkit which is very cool.. It basically means that you dont have to bother cracking a password on a taken machine anymore, you can simply...

I suspect somewhere there exist cardinal rules of blogging which would state that using a single post to make 2 completely un-related posts is a no-no.. I will now promptly ignore it 2 push out 2...

For all those guys who usually scoff at CSI / Police Movies where the detective shouts “enhance image” or remove that person, you have to admit that life dos indeed imitate art.. (Click image or...

BMC did his 90 minute engedu talk on DTrace at google to show some of its coolness (and from the looks of things to help get a Linux port going). DTrace looks awesome for system instrumentation...

Some of you will know that i finally moved out of the shoe box i lived in for 6 years and moved into a house (about 3 months ago) Since then i have replaced 3 different light bulbs at different...