On Saturday Dec 3, at BSides Cape Town we announced the winner of a prize for local information security research. The purpose of the competition was twofold. Firstly, to highlight interesting...
School’s never out for the Pro! We’re proud to announce that we are now offering our highly successful penetration testing training courses to the UK market from 2012. SensePost has been providing...
Our next locally scheduled training sessions have been planned for March. If you’re interested in attending, the dates and locations are: 1) HBN Extended (Cadet Camp; Bootcamp) 6-9th March The HBN...
By the year 2015 sub-Saharan Africa will have more people with mobile network access than with access to electricity at home. This remarkable fact from a 2011 MobileMonday report came to mind...
We were asked to contribute an article to PenTest magazine, and chose to write up an introductory how-to on footprinting. We’ve republished it here for those interested. Network footprinting is,...
Pretoria South Africa — SensePost, a leader in penetration testing and information security services, announced today that Pfortner had called on their expertise to validate their encryption...
As 44Con 2012 starts to gain momentum (we’ll be there again this time around) I was perusing some of the talks from last year’s event… It was a great event with some great presentations, including...
This year, for the fourth time, myself and some others here at SensePost have worked together with the team from ITWeb in the planning of their annual Security Summit. A commercial conference is...
First, some background on CREST in the form of blatant plagiarism… CREST – The Council for Registered Ethical Security Testers – exists to serve the needs of a global information security...
Widespread use of smart phones by employees to perform work related activities has introduced the idea of using these devices as an authentication token. As an example of such attempts, RSA...
There has been a healthy reaction to our initial post on our research into the RSA SecurID Software Token. A number of readers had questions about certain aspects of the research, and I thought...
This year marks a special anniversary for us at SensePost in that we’ve been training at BlackHat for over a decade now. To celebrate this, we thought we’d give away a free ticket to any of our...
We had published a network protocol analysis challenge for free entry to our BlackHat 2012 Vegas training courses and received seven correct answers. We’d like to thank those who attempted this...
Hey All, We’re about locked and loaded down here in ZA – ready to tackle the looooong journey to Vegas for Black Hat. If you’re headed to Black Hat but haven’t yet booked training there’s still...
Brilliant, the client has decided to implement their own CMS and you’ve found a variable that’s vulnerable to SQL injection. Starting up your favourite SQL exploitation tool, you upload a suitable...
I was playing with a few SQL server idiosyncrasies more than a year ago before becoming so completely distracted with the whole SAP protocol-decoding business. Having some time on my hands for...
In a similar fashion to the BlackHat challenge held earlier this year, we’re giving away a free ticket to our BlackOps course at this year’s 44Con. As a penetration tester, knowledge of an issue...
Last week, we published our 44Con “SillySIP” Challenge for free entry to our BlackOps training course at the 44Con conference this year. We’d like to thank all those who attempted this challenge....
Today’s smart cards such as banking cards and smart corporate badges are capable of running multiple tiny applications which are often written in high level programming languages like Java or...
At this year’s 44Con conference (held in London) Daniel and I introduced a project we had been working on for the past few months. Snoopy, a distributed tracking and profiling framework, allowed...
We’re extremely proud to announce today the promotion of a number of key people here at SensePost. Shane Kemp, Daniel Cuthbert and Dominic White will be promoted to Global Sales Manager, Chief...
Like many businesses we at SensePost are aware of how fortunate we are and of the many around us who struggle to make ends meet day to day. We have a heart for our community and regularly...
The Council for Scientific and Industrial Research (CSIR) recently hosted the national Cyber Games Challenge as part of Cyber Security Awareness month. The challenge pitted teams of 4-5 members from...
Hijacking SSL sessions initiated by the browser is a trivial task. The challenge comes when trying to intercept SSL traffic in applications such as Dropbox or Easynote. These apps create...
For our internal hackathon, we wanted to produce some shirts. We ran a competition to see who could produce a reverse shell invocation most worthy of inclusion on a shirt. Here are the...
When performing spear phishing attacks, the more information you have at your disposal, the better. One tactic we thought useful was this Skype security flaw disclosed in the early days of 2012...
Organising our yearly training event at Blackhat in Las Vegas is no mean feat. With well over two hundred students to prepare for, the size of Caesars Palace to contend with (last year, we, on...
Last month saw the inaugural SensePost hackathon happen in our new offices in Brooklyn, South Africa. It was the first time the entire company would be in the same room, let alone the same...
We blogged a little while back about the Snoopy demonstration given at 44Con London. A similar talk was given at ZaCon in South Africa. Whilst we’ve been promising a release for a while now, we...
ASP.NET HttpHandlers are interesting components of a .NET web application when performing security assessments, mainly due to the fact they are the most exposed part of the application processing...