So… Black Hat DC is rushing at us like a speeding big… speeding thing. This is just a friendly a reminder about the show (Hyatt Regency Crystal City • February 16-19). We have two courses on offer...

Yup, that’s right, BiDIBLAH 2.0 has finally been released and is available for purchase at an incredibly low US$500!! You can get BiDiBLAH here. Users who would like to try it out first, can...

I just wanted to remind everyone that the CFP for the 2009 ITWeb Security Summit closes on 26 Jan. We’re hoping to see much more in the way of submissions from local infosec people (especially...

haroon :(

A few years ago, Mohamed Nanabhay was considering joining SensePost and i was trying hard to convince him it was the way and the light. He had been a KPMG auditor in a past life (but i promised...

I’ve developed a FTP like multi-threaded server application as a target for this challenge of the month. It has been coded in c and compiled by VC++ 2008. This is a three step challenge: Step 1-...

Not the boring pile of papers kind.. the shiny pants and sunglasses kind: Turns out you can find him blogging these days at [http://research.zscaler.com/] PS. if you dont know who RFP is, you are...

Over at [Rational Survivability] beaker as coined the term EDoS. To describe how “the utility and agility of the cloud computing models such as Amazon AWS (EC2/S3) and the pricing models that go...

The recent widespread carnage caused by the Conficker worm is astounding, but is also comforting, in a strange way. It has been a good few years since the world saw a worm outbreak of this...

Anyone who has honestly reflected on what they know about hiring, will tell you that no matter how locked-down you think you have it, you dont. There is still way too much left to chance and way...

aka.. Someone put the hurtski on Kaspersky.. The Twitters (via XSSniper and others) and the Interwebs were ablaze with news on a SQL Injection vulnerability that was exploited on AV vendor...

We’ve received a number of queries regarding folkses unable to get the ASPX version of reDuh to work. In truth, the client had a faulty HTTP implementation meaning that HTTP requests were...

An additional issue has been discovered in the ASPX version of reDuh. Although the script did work as expected, it did not set the ScriptTimeout value. This resulted in reDuh terminating active...

This is probably really old news (to some), but was in the company of sattelite TV this weekend and saw that Joe Grand now has a TV Slot all of his own. “Prototype This” looks like it will be...

Yes, it is time to offer some technical input by way of our HBN Extended Edition training. There will be no Christmas hat this time round but lots of valued input. We have scheduled our first...

I just managed to pull the HackintheBox torrents for their [2008 talks]. (SensePosters can grab a local copy [here]). I watched Marcus Ranums “Cyberwar is Bullshit” talk. A talk that was truly...

We’ve had some feedback from some BiDiBLAH / SPUD users regarding a few changes… Firstly, SPUD seems to be crashing under a few instances of Vista… We’ve taken note of the issue and will spend...

SensePost have once again been invited to join the South African Department of Trade and Industry at Cebit, as one of 15 SA companies, to exhibit on their pavilion. Visitors to this show range in...

(aka – Whoot! we are almost famous!!) Jeremiah Grossman’s panel of judges (Rich Mogull, Chris Hoff, HD Moore and RFP) hath spoken (or spake) and the top 10 web-hacking techniques of 2008 have been...

BusinessWeek reports that VMWare has launched a new product aimed at establishing it as a competitor in the cloud computing space. -snip- Dubbed the Virtual Data Center Operating System (VDC-OS),...

About 2 weeks ago the battery performance on my machine took a sudden nose dive. Worse than the fact that it started giving me only about 1 hour, is the fact that its become perfectly unreliable...

With our recent release of BiDiBLAH 2.0, we’ve decided to revisit some real world scenarios, and ways BiDiBLAH can deal with it… All the scenarios can be downloaded from the BiDiBLAH home page....

Ok.. So The Dark Tangent announced this [a few days ago], but i felt it deserved mention because i was genuinely wow’ed at the video quality.. I have only gone through a couple of the...

Interesting post by Michael Dahn at pcianswers.com discussed (again) the difference between compliance and security. Do you know the joke about the difference between a canary? Apparently, its one...

[beistlabs] [CodeGate] has come and gone.. A nice writeup of the event can be found [here] with a pdf of challenges and solutions [here]

and i am that idiot… Developers signed up with Apples Dev Program get to take iPhoneOS3.0 out for a spin, so that the app store can have ver3 apps when the new OS launches.. A quick download (as...

We’ve been busying ourselves with the PCI DSS in one way or another for more than a year now here at SensePost. Its been a frustrating exercise of mixed messages, politics, tokenism, mixed in with...

Those of you who were around in 2001 will recall http://anti.security.is (anti-sec f.a.q).. The sentiment pops up periodically (in different forms) and it seems like CansecWest this year has seen...

Truly tragic. We are all poorer for it.. It really was an honor and a privilege to have known him..

Microsoft released !exploitable at CanSecWest this year. The debugger extension, and the accompanying slide deck can be found [here]. I have not looked at it, but a glance at the slides implies...