After several months of dedicated … uh dedication, our new network footprinting tool is being made available to the masses. It’s called Yeti and it is a cross-platform Java application. It’s...
Hola amigos, We will be running our elite “Combat Training” at the BlackHat Briefings in Barcelona this March (talk lineup) and this course is the flagship of our established Hacking by Numbers...
It is always a little bemusing to hear that we only provide pentests. Since 2001, SensePost has offered a very comprehensible vulnerability management service that’s evolved through multiple...
The ITWeb Security Summit is creeping up on us again and will be happening on the 10-11th of May. This year ITWeb went with something slightly different, and are asking for people to suggest who...
You’ve seen the movies. You’ve seen the cooler than life characters hacking systems using obscure keyboards and operating systems that seem to float through the network, so how about now really...
An education isn’t how much you have committed to memory, or even how much you know. It’s being able to differentiate between what you know and what you don’t. – Anatole France Jobs within...
Salut à tous, It’s that time of the year again and like every year, we’ll once again be running our ever-popular “BOOTCAMP EDITION” at the BlackHat Briefings in Las Vegas this July-August. This...
A longish post, but this wasn’t going to fit into 140 characters. This is an argument pertaining to security metrics, with a statement that using pure vulnerability count-based metrics to talk...
The brand new BlackOps HBN course makes its debut in Vegas this year. The course finds its place as a natural follow on from Bootcamp, and prepares students for the more intense Combat edition....
Well, we’re ramping up with the new Hacking By Numbers W^3 edition course we will be presenting at BlackHat Vegas this year. This course is a replacement for the Web2.0 course we successfully...
The text that follows is a short statement I prepared for the press ahead of my presentation at the ‘The International Conference on Cyber Conflict’ (http://www.ccdcoe.org/ICCC/) in Tallinn,...
Over the last few years there has been a popular meme talking about information centric security as a new paradigm over vulnerability centric security. I’ve long struggled with the idea of...
In light of recent mass hacks (HBGary, Sony, Nintendo, etc) one would have thought that collectively, companies would take notice and at least be slightly more aware of the potential implications...
As we draw nearer to Black Hat Vegas we get a lot of requests from people who need help choosing between one of our courses or the other. In order to provide people with a single, consolidated...
Security policies are necessary, but their focus is to the detriment of more important security tasks. If auditors had looked for trivial SQL injection on a company’s front-page as hard as they...
On this past Thursday we spoke at BlackHat USA on Python Pickle. In the presentation, we covered approaches for implementing missing functionality in Pickle, automating the conversion of Python...
Dominic is currently in the air somewhere over the Atlantic, returning from a long trip that included BlackHat, DefCon and lastly Metricon6, where he spoke on a threat model approach that he has...
Until recently, there was a distinct lack of decent, high-quality technical security conferences held in the United Kingdom. Home to the Global Financial Centre, London, there isn’t a shortage of...
[2011/9/6 Edited to add Slideshare embed] I am currently in London at the first ever 44con conference. It’s been a fantastic experience so far – excellent talks & friendly people. Yesterday, I...
I gave an updated version of my ‘Hacking Online Auctions’ talk at UnCon in London last week. The talk gave a brief intro to general auction theory, and how the models can be applied online, but...
Runtime analysis is an integral part of most application security assessment processes. Many powerful tools have been developed to perform execution/data flow analysis and code debugging for...
Black Hat will host its second event in the Middle East in Abu Dhabi with a full contingent of selected Training and three tracks of Briefings over four days from 12 to 15 December 2011....
The SensePost marketing division, a highly skilled team of ruthless spin-doctors, is proud to announce that they have written … a press release. Indeed, this team of fawners, flunkeys, lackeys and...
Talented. Innovative. Quality driven. Forward thinking. Trusted advisors. And … simply good fun! These are all phrases associated with SensePost. Do you think you have what it takes to become part of...
This blog post steps through how to convert encrypted iPhone application bundles into plaintext application bundles that are easier to analyse. Requirements: 1) Jailbroken iPhone with OpenSSH, gdb...
[I originally wrote this blog entry on the plane returning from BlackHat, Defcon & Metricon, but forgot to publish it. I think the content is still interesting, so, sorry for the late entry :)]...
While doing some thinking on threat modelling I started examining what the usual drivers of security spend and controls are in an organisation. I’ve spent some time on multiple fronts, security...
This week, Charl van der Walt and I (Saurabh) spoke at Mobile Security Summit organized by IIR (http://www.iir.co.za/detail.php?e=2389). Charl was the keynote speaker and presented his insight on...
SensePost is proud to announce a competition to identify the best information security research published by a resident of South Africa in 2011 (Jan 1st to Dec 3rd). Much security research is...
On Saturday Dec 3, at BSides Cape Town we announced the winner of a prize for local information security research. The purpose of the competition was twofold. Firstly, to highlight interesting...