i go through a ton of books. Over the past 10 years, this has been dominated by books on computer security, computer science, programming (and some sprinklings of management classics). I generally...
I was recently playing with a Wingate Proxy server, came across some arbitrary interestingness. So, WinGate proxy includes a remote management agent which is accessed via a client utility called...
Sure it only cost $29, but when you consider the number of people bowing down and thanking our Cupertino overlords you have to consider the following: If the Emperor was given his new clothes...
The “Fasm conference is an informal meeting of coders interested in x86 assembly programming.” Some of the videos can be grabbed [sp_local|Other] /mh
a) was the politely dropped kaminsky firefox bug [http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070620.html] It still requires a click for command execution, but considering...
Just arbitrary coolness regarding Microsoft’s Threat Modeller. It’s XSS-ible… Since this all works in file:///, not overly sure what the benefits of these things will be, but I suppose since...
SensePost is proud to announce that they have retained their status as an Approved Scanning Vendor for PCI DSS purposes. This letter of acknowledgement was gladly received: Truth be told, we did...
my wife might have a kindle, which i might have bought in the US, which she might have loved dearly.. Buying books might have been possible using the “gift card hack” or the “US Postal Address...
Hi All SensePost will be running their next Developer and Bootcamp courses for 2009, scheduled for November. Please drop me an email if you know of anyone in your area that would like to attend. –...
The other day i tweeted a link from John Dvorak reviewing Windows 7. He basically said that Microsoft was dying, and said the product was “made with the same cheap Microsoft vodka.” Dvoraks not...
-snip- From: Haroon Meer To: Marc Schneider Subject: Re: http://www.sensepost.com – Contact needed Hi Dr Schneider. * Marc Schneider [[email protected]] seemed to say: >I am Dr. Marc Schneider and I...
Like it, hate it or just plain struggling to understand it, Twitter has made a huge impact across a wide range of fields. We use it fairly heavily internally for simulated water-cooler chatter and...
Our DC-17 video (of the “Clobbering the Cloud” talk) is now available on the new look DefCon download site: [here] All of the other DC17 videos can be found [here] (if you are a senseposter,...
ZaCon came and went, “and a fun time was had by all!” The first run was a semi-cosy affair held at the University of Johannesburg, with 16 speakers holding the crowd from 08h00 till 18h00. ZaCon...
[Alex Payne] has an excellent post up titled “Criticism, Cheerleading, and Negativity“. It’s a 2 minute read, but it’s worth it: ” We understand well the idea of being in favor or something, or...
Last week had two “cloud-security” related articles hit the inter-webs.. After our Vegas09 talk on “clobbering the cloud” we had a brief chat to Rob Lemos, who called us up again, so we ended up...
is currently on in Berlin. As usual [it] looks like a blast, and as usual, media [is online] before the speaker shuts down his presentation machine.. SensePosters can grab a local copy of the...
It’s the last few hours of 2009 here in South Africa so i wanted to take the opportunity really quickly to wish the 2 readers of this blog all the best for new year.. Most security “pundits” are...
Our web server lost a drive yesterday, however things seem to be back to normal. If you notice broken links or scripts, we’d appreciate a mail to info at sensepost.com.
In 80 minutes Apple will announce the tablet, and the interwebs is almost bursting with excitement and anticipation.. You absolutely have to give shouts to Apple for being able to create a...
The Apple iPad announcement set the interwebs alight, and there is no shortage of people blogging or tweeting about how it will or won’t change their lives. I’m going to ignore those topics almost...
Over the years we’ve offered almost all our tools, papers, presentations and other materials for free, albeit with a “registration required” proviso. The registration wall has been in place for...
After ten fascinating years, during which many people have contributed in so many ways to the place that is SensePost, by strange coincidence it falls on me to pen the words that mark our first...
Considering how freely i’ve ranted on our blog over the past few years i found it incredibly hard to write this post. SensePost has been my home for the better part of a decade and i have been...
Hey everyone. We will once again be presenting our BootCamp training course at the BlackHat Europe Conference. It seems this is a quiet year in terms of training sessions so I guess everyone is...
BackupExec agent is often among common services found on the internal pen tests. The agent software stores an encrypted “logon account” password in its backend MS SQL database (LoginAccounts...
This past Thursday we received notice that Boogterman & Partners would be a host company for the CANSA Shavathon 2010 taking place on Friday, 05/03/2010. So when I send out an email to everyone at...
Hey Everyone, As promised last week, we have made changes to the content of our HBN BootCamp course. We have updated the course content to include the following attack vectors, vulnerabilities and...
Ever since Ron Gula’s RiskyBusiness talk #142 about their Nessus philosophy, I decided to come out of the closet and share with our readers the work we do in the vulnerability management field....
The intertubes have been humming lately around a certain NTP feature to gather lists of NTP servers’ clients and it naturally grabbed our attention. The humming was started by HD Moore recently...