Reading time:
~1 min
Posted
by Haroon Meer
on
31 December 2009
It’s the last few hours of 2009 here in South Africa so i wanted to take the opportunity really quickly...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
30 December 2009
is currently on in Berlin. As usual [it] looks like a blast, and as usual, media [is online] before the...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
16 December 2009
Last week had two “cloud-security” related articles hit the inter-webs.. After our Vegas09 talk on “clobbering the cloud” we had...
Reading time:
~1 min
Posted
by Haroon Meer
on
07 December 2009
[Alex Payne] has an excellent post up titled “Criticism, Cheerleading, and Negativity“. It’s a 2 minute read, but it’s worth...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
30 November 2009
ZaCon came and went, “and a fun time was had by all!” The first run was a semi-cosy affair held...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
16 November 2009
Our DC-17 video (of the “Clobbering the Cloud” talk) is now available on the new look DefCon download site:...
Reading time:
~1 min
Posted
by Haroon Meer
on
10 November 2009
Like it, hate it or just plain struggling to understand it, Twitter has made a huge impact across a wide...
Reading time:
~2 min
Posted
by Haroon Meer
on
05 November 2009
-snip- From: Haroon Meer <haroon@sensepost.com> To: Marc Schneider <marcs@mplw.net> Subject: Re: http://www.sensepost.com – Contact needed Hi Dr Schneider. * Marc...
Reading time:
~1 min
Posted
by Haroon Meer
on
29 October 2009
The other day i tweeted a link from John Dvorak reviewing Windows 7. He basically said that Microsoft was dying,...
Reading time:
~2 min
Posted
by Shane Kemp
on
19 October 2009
Hi All SensePost will be running their next Developer and Bootcamp courses for 2009, scheduled for November. Please drop me...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
04 October 2009
my wife might have a kindle, which i might have bought in the US, which she might have loved dearly.....
Reading time:
Less than a minute
Posted
by evert
on
29 September 2009
SensePost is proud to announce that they have retained their status as an Approved Scanning Vendor for PCI DSS purposes....
Reading time:
~2 min
Posted
by Ian de Villiers
on
15 September 2009
Just arbitrary coolness regarding Microsoft’s Threat Modeller. It’s XSS-ible… Since this all works in file:///, not overly sure what the...
Reading time:
~1 min
Posted
by Haroon Meer
on
11 September 2009
a) was the politely dropped kaminsky firefox bug [http://lists.grok.org.uk/pipermail/full-disclosure/2009-September/070620.html] It still requires a click for command execution, but considering its...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
04 September 2009
The “Fasm conference is an informal meeting of coders interested in x86 assembly programming.” Some of the videos can be...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
02 September 2009
Sure it only cost $29, but when you consider the number of people bowing down and thanking our Cupertino overlords...
Reading time:
~1 min
Posted
by Ian de Villiers
on
26 August 2009
I was recently playing with a Wingate Proxy server, came across some arbitrary interestingness. So, WinGate proxy includes a remote...
Reading time:
~4 min
Posted
by Haroon Meer
on
23 August 2009
i go through a ton of books. Over the past 10 years, this has been dominated by books on computer...
Reading time:
~3 min
Posted
by marco
on
09 August 2009
[part 5 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal The final installment...
Reading time:
~8 min
Posted
by marco
on
08 August 2009
[part 4 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal In the fourth...
Reading time:
~5 min
Posted
by marco
on
08 August 2009
[part 3 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal Our third video...
Reading time:
~2 min
Posted
by marco
on
06 August 2009
[part 2 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal The premise behind...
Reading time:
~4 min
Posted
by marco
on
06 August 2009
[part 1 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal We wanted to...
Reading time:
Less than a minute
Posted
by marco
on
06 August 2009
Our BH09/DC17 presentation relied heavily on videos for the demos, and they’ve been blogged separately. Links below (will be made...
Reading time:
Less than a minute
Posted
by marco
on
05 August 2009
[updated: videos will be made available on this page] 140 slides in 75 minutes. They said it couldn’t be done…...
Reading time:
~4 min
Posted
by marco
on
08 July 2009
We were invited to speak at the recent ISSA2009 conference in Joburg, a local mostly academic security conference and I...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
29 June 2009
’cause there’s some serious cloud computing competition on the horizon.. A google search for Cloud Provider returns the following paid...
Reading time:
~6 min
Posted
by Haroon Meer
on
11 June 2009
I really enjoy listening to Mac Break Weekly.. Leo Laporte is an excellent host and i would tune in just...
Reading time:
~1 min
Posted
by Haroon Meer
on
07 June 2009
Ron Auger sent an email to the [WASC Mail list] on some fine work presented recently by Microsoft Research. The...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
05 June 2009
The first one from hacker news, aptly titled “How I Hacked Hacker News (with arc security advisory)” and the 2nd,...
Reading time:
~2 min
Posted
by Charl van der Walt
on
04 June 2009
Rich Mogull (whose stuff I really quite dig) has launched an ‘Open Patch Management Survey’ via the SecurityMetrics blog. Its...
Reading time:
~3 min
Posted
by Haroon Meer
on
16 May 2009
In early 2002 i recall reading and falling in love with Jim Collins’ book: “From good to Great“. I recall...
Reading time:
~1 min
Posted
by Haroon Meer
on
13 May 2009
At [DeepSec] last year i had the pleasure of hearing Ivan Krstić speak. While some of his arguments had (small)...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
11 May 2009
Yvette Du Toit (E&Y – UK/ZA) featured on the latest ITSecurity Pubcast and spoke about her role in CREST. SensePost...
Reading time:
~1 min
Posted
by Haroon Meer
on
04 May 2009
[Zappos.com] is one of those companies people love to write about. They make headlines for their use of new media...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
28 April 2009
Chris Eng over [at the Veracode blog] documents how he approached, and decoded the info behind the [2009 Verizon Data...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
25 April 2009
Part of the problem Microsoft bumped into with Vista, was hordes of people who had grown too attached to XP.....
Reading time:
Less than a minute
Posted
by francesco
on
15 April 2009
With our recent release of BiDiBLAH 2.0, we’ve decided to revisit some real world scenarios, and ways BiDiBLAH can deal...
Reading time:
Less than a minute
Posted
by francesco
on
15 April 2009
After some queries regarding SPUD, I thought it would be a good idea to blog this reminder: * Spud can...
Reading time:
Less than a minute
Posted
by evert
on
09 April 2009
We recently introduced some neat blizzards onto a PoC Broadview client. On the back of Conficker, our Broadview Dashboard sports...
Reading time:
~1 min
Posted
by Haroon Meer
on
08 April 2009
Comments on the blog have been surprisingly quiet and we should have realised this when more and more people started...
Reading time:
~1 min
Posted
by Shane Kemp
on
07 April 2009
We have scheduled our next training course, Hacking By Numbers – Extended Edition (Bootcamp) for May 11-15th. The course...
Reading time:
Less than a minute
Posted
by Ian de Villiers
on
07 April 2009
We’ve had a number of issues with reDuh and the various server versions published. Some clients worked with some versions...
Reading time:
~3 min
Posted
by Haroon Meer
on
05 April 2009
The United States committee on Homeland Security’s Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology recently held a hearing...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
01 April 2009
what? on April 1st???? Never!
Reading time:
~4 min
Posted
by Haroon Meer
on
31 March 2009
A little while back i commented on Marcus Ranum’s HiTB talk “Cyberwar is Bullshit!“. I ended the post with the...
Reading time:
~1 min
Posted
by Haroon Meer
on
30 March 2009
Way back when i was a sysadmin, i recall reading a quote from one of the ATT greybeards who said...
Reading time:
Less than a minute
Posted
by Shane Kemp
on
30 March 2009
Hi All We have scheduled our first Developer course for April in Pretoria, should you know of anyone in your...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
22 March 2009
Microsoft released !exploitable at CanSecWest this year. The debugger extension, and the accompanying slide deck can be found [here]. I...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
22 March 2009
Truly tragic. We are all poorer for it.. It really was an honor and a privilege to have known him.....
Reading time:
~1 min
Posted
by Haroon Meer
on
20 March 2009
Those of you who were around in 2001 will recall http://anti.security.is (anti-sec f.a.q).. The sentiment pops up periodically (in different...
Reading time:
~1 min
Posted
by Charl van der Walt
on
20 March 2009
We’ve been busying ourselves with the PCI DSS in one way or another for more than a year now here...
Reading time:
~1 min
Posted
by Haroon Meer
on
19 March 2009
and i am that idiot… Developers signed up with Apple’s Dev Program get to take iPhoneOS3.0 out for a spin,...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
12 March 2009
[beistlabs] [CodeGate] has come and gone.. A nice writeup of the event can be found [here] with a pdf of...
Reading time:
~1 min
Posted
by Charl van der Walt
on
11 March 2009
Interesting post by Michael Dahn at pcianswers.com discussed (again) the difference between compliance and security. Do you know the joke about...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
09 March 2009
Ok.. So The Dark Tangent announced this [a few days ago], but i felt it deserved mention because i was...
Reading time:
Less than a minute
Posted
by francesco
on
09 March 2009
With our recent release of BiDiBLAH 2.0, we’ve decided to revisit some real world scenarios, and ways BiDiBLAH can deal...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
04 March 2009
About 2 weeks ago the battery performance on my machine took a sudden nose dive. Worse than the fact that...
Reading time:
Less than a minute
Posted
by nick
on
25 February 2009
BusinessWeek reports that VMWare has launched a new product aimed at establishing it as a competitor in the cloud computing...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
24 February 2009
(aka – Whoot! we are almost famous!!) Jeremiah Grossman’s panel of judges (Rich Mogull, Chris Hoff, HD Moore and RFP)...
Reading time:
Less than a minute
Posted
by Shane Kemp
on
23 February 2009
SensePost have once again been invited to join the South African Department of Trade and Industry at Cebit, as one...
Reading time:
Less than a minute
Posted
by francesco
on
23 February 2009
We’ve had some feedback from some BiDiBLAH / SPUD users regarding a few changes… Firstly, SPUD seems to be crashing...
Reading time:
~1 min
Posted
by Haroon Meer
on
22 February 2009
I just managed to pull the HackintheBox torrents for their [2008 talks]. (SensePosters can grab a local copy [here]). I...
Reading time:
~1 min
Posted
by Shane Kemp
on
17 February 2009
Yes, it is time to offer some technical input by way of our HBN Extended Edition training. There will be...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
17 February 2009
This is probably really old news (to some), but was in the company of satellite TV this weekend and...
Reading time:
Less than a minute
Posted
by Ian de Villiers
on
09 February 2009
An additional issue has been discovered in the ASPX version of reDuh. Although the script did work as expected, it...
Reading time:
Less than a minute
Posted
by Ian de Villiers
on
09 February 2009
We’ve received a number of queries regarding folkses unable to get the ASPX version of reDuh to work. In truth,...
Reading time:
~1 min
Posted
by nick
on
08 February 2009
aka.. Someone put the hurtski on Kaspersky.. The Twitters (via XSSniper and others) and the Interwebs were ablaze with news on...
Reading time:
~2 min
Posted
by Haroon Meer
on
04 February 2009
Anyone who has honestly reflected on what they know about hiring, will tell you that no matter how locked-down you...
Reading time:
~3 min
Posted
by nick
on
01 February 2009
The recent widespread carnage caused by the Conficker worm is astounding, but is also comforting, in a strange way. It...
Reading time:
~1 min
Posted
by Haroon Meer
on
27 January 2009
Over at [Rational Survivability] beaker has coined the term EDoS, to describe how “the utility and agility of the cloud...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
26 January 2009
Not the boring pile of papers kind.. the shiny pants and sunglasses kind: Turns out you can find him blogging...
Reading time:
~1 min
Posted
by behrang
on
22 January 2009
I’ve developed a FTP like multi-threaded server application as a target for this challenge of the month. It has been...
Reading time:
~1 min
Posted
by Haroon Meer
on
21 January 2009
A few years ago, Mohamed Nanabhay was considering joining SensePost and i was trying hard to convince him it was...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
15 January 2009
haroon :(
Reading time:
Less than a minute
Posted
by Charl van der Walt
on
13 January 2009
I just wanted to remind everyone that the CFP for the 2009 ITWeb Security Summit closes on 26 Jan. We’re...
Reading time:
Less than a minute
Posted
by francesco
on
08 January 2009
Yup, that’s right, BiDiBLAH 2.0 has finally been released and is available for purchase at an incredibly low US$500!! You...
Reading time:
Less than a minute
Posted
by Charl van der Walt
on
07 January 2009
So… Black Hat DC is rushing at us like a speeding big… speeding thing. This is just a friendly a...
Reading time:
Less than a minute
Posted
by behrang
on
06 January 2009
Interesting post on cost/benefit analysis of hacker and hooker attacks….
behrang
Reading time:
~4 min
Posted
by Charl van der Walt
on
06 January 2009
We often get asked by students of our Hacking By Numbers courses if the course environments or at least the...
Reading time:
Less than a minute
Posted
by Haroon Meer
on
05 January 2009
This is an old post, regurgitated because it yielded some spirited discussion. Apparently headhunters are being told to avoid World...