We recently gave a talk at the ITWeb Security Summit entitled “Offense Oriented Defence”. The talk was targeted at defenders and auditors, rather than hackers (the con is oriented that way),...
We’re pleased to announce our acquisition today by SecureData Europe. SecureData (www.secdata.com) is a complete independent security services provider based in the UK and was also previously part...
For the last year, Glenn and I have been obsessed with our phones; especially with regard to the data being leaked by a device that is always with you, powered on and often provided with a fast...
Hey all, So following on from my talk (slides, video) I am releasing the NMAP service probes and the Poison Ivy NSE script as well as the DarkComet config extractor. Rat a-tat-tat from SensePost...
December sees SensePost presenting Hacking by Numbers: Mobile at BlackHat West Coast Trainings. This course was first presented at BlackHat Vegas 2013 and 44Con 2013, growing in popularity and...
Botconf’13, the “First botnet fighting conference” took place in Nantes, France from 5-6 December 2013. Botconf aimed to bring together the anti-botnet community, including law enforcement, ISPs...
With 2013 coming to a close, I thought it pertinent to look back at the year we’ve had and also forward to what’s promising to be an incredibly exciting 2014 for us. 2013 for SensePost was a year...
Aah, January, a month where resolutions usually flare out spectacularly before we get back to the couch in February. We’d like to help you along your way with a reverse engineering challenge put...
Recently a security researcher reported a bug in Facebook that could potentially allow Remote Code Execution (RCE). His writeup of the incident is available here if you are interested. The thing...
This evening we were featured on Channel 4’s DataBaby segment (link to follow). Channel 4 bought several second hand mobile phones that had been “wiped” (or rather reset to factory default) from...
The British Special Air Service (SAS) have a motto that’s rather fitting for their line of work – Who Dares Wins. To a degree, the same could be said for our newly updated Hacking by Numbers...
What originally started as one of those “hey, wouldn’t this be cool?” ideas, has blossomed into a yearly event for us at SensePost. SenseCon is a time for all of us to descend on South Africa and...
Why Infrastructure Hacking Isn’t Dead If you work in IT Security you may have heard people utter the phrase, “Infrastructure hacking is dead!” We hear this all the time but in all honesty, our...
This is a tool that I have wanted to build for at least 5 years. Checking my archives, the earliest reference I can find is almost exactly 5 years ago, and I’ve been thinking about it for longer,...
This blog post is about the process we went through trying to better interpret the masses of scan results that automated vulnerability scanners and centralised logging systems produce. A good...
Friday the 13th seemed like as good a date as any to release Snoopy 2.0 (aka snoopy-ng). For those in a rush, you can download the source from GitHub, follow the README.md file, and ask for help...
At SensePost we get to enjoy some challenging assessments and do pretty epic things. Some days it feels like the only thing that could make it better would be driving tanks while doing it. The...
We recently ran our Black Hat challenge where the ultimate prize was a seat on one of our training courses at Black Hat this year. This would allow the winner to attend any one of the following:...
There is a serious skills shortage in our industry. There are just not enough skilled hackers out there to fill all the open positions. In November of last year, I proposed a new approach for us...
We’ve been big fans of Maltego and the team at Paterva for a very long time now, and we frequently use this powerful tool for all kinds of fun and interesting stuff, like Using Maltego to explore...
Hello from Las Vegas! Yesterday (ed: uh, last week, my bad) I gave a talk at DefCon 22 entitled ‘Practical Aerial Hacking & Surveillance‘. If you missed the talk the slides are available here....
Jack is a tool I created to help build Clickjacking PoCs. It uses basic HTML and JavaScript and can be found on GitHub: https://github.com/sensepost/Jack To use Jack, load Jack’s HTML, CSS and JS...
Hello world! We’ve been busy squirreling away on a much requested project – a commercial Snoopy offering. We’ve called it ShadowLightly, and we’d like to invite you to join the beta explorer...
At Defcon 22 we presented several improvements in wifi rogue access point attacks. We entitled the talk “Manna from heaven” and released the MANA toolkit. I’ll be doing two blog entries. The first...
Over those years, we’ve trained thousands of students in the art of offensive and defensive security through our Hacking by Numbers courses. Our courses are taken directly from the work we do....
Web application security training in 2015? It’s a valid question we get asked sometimes. With the number of books available on the subject, the tools that seemingly automate the process coupled...
Recently there were revelations about a GCHQ initiative called ‘Lovely Horses’ to monitor certain hackers’ Twitter handles. The guys over at Paterva quickly whipped up a Maltego Machine to...
Hello Internet, We’re going to be hosting monthly Maltego webinar sessions, and our first one is this Friday (24th April)! Being our first episode we’re going to start with the basics of the...
Our Intelligence service team is growing and we are looking for a Threat Analyst to join us. Not only is the working environment pretty cool, the work you’ll be doing means you’ll be learning a...
Transport layer security has had a rough ride recently, with a number of vulnerabilities being reported. At a time when trust is required between you and the site you are interacting with, it’s...