Reading time: ~3 min. Posted by Leon Jacobs on 28 November 2023
Arguably one of the largest hacking conferences in South Africa, BSides Cape Town 2023 is around the corner and the...
Reading time: ~10 min. Posted by Szymon Ziolkowski on 09 November 2020
We have written a lot about SenseCon by now, but there is one more thing we can talk about! In...
Reading time: ~2 min. Posted by keiran on 14 June 2017
Sophisticated attacks aim to hide from endpoint solutions Advanced hacking. Expert approaches We are inundated by advanced this, expert that,...
Reading time: ~1 min. Posted by daniel on 25 May 2017
SensePost and BlackHat are proud to announce a new scholarship initiative for a woman in the information security field. The...
Reading time: ~6 min. Posted by Rogan Dawes on 10 March 2017
Categories: Abuse, Backdoor, Build-it, Conferences, Empire, Exploit, Hardware, Internals, Linux, Metasploit, Programming, Real-world, Research, Shells, Tunnelling
(If you’re new to this project, read the intro first) For the past few months, I’ve been working on porting...
Reading time: ~9 min. Posted by Darryn Cull on 08 December 2016
In this blog post we are going to describe some tools we created to find and exploit unauthenticated X Windows sessions....
Reading time: ~8 min. Posted by chris on 01 December 2016
In this blog post I am going to describe a new tool (Rattler) that I have been working on and...
Reading time: ~3 min. Posted by chris on 20 June 2016
Everyone has a mobile phone (ok some have two) and the wealth of information people put into them is staggering....
Reading time: ~2 min. Posted by Paul on 19 March 2016
Often gaining access to a network is just the first step for a targeted attacker. Once inside, the goal is...
Reading time: ~6 min. Posted by Dane Goodwin on 07 December 2015
Given the prevalence of Microsoft Active Directory domains as the primary means of managing large corporate networks both globally and...
Reading time: ~9 min. Posted by Dominic White on 23 February 2015
At Defcon 22 we presented several improvements in wifi rogue access point attacks. We entitled the talk “Manna from heaven”...
Reading time: ~1 min. Posted by glenn on 10 August 2014
Hello from Las Vegas! Yesterday (ed: uh, last week, my bad) I gave a talk at DefCon 22 entitled ‘Practical...
Reading time: ~2 min. Posted by etienne on 17 December 2013
Botconf’13, the “First botnet fighting conference” took place in Nantes, France from 5-6 December 2013. Botconf aimed to bring together...
Reading time: Less than a minute. Posted by jeremy on 22 November 2013
Hey all, So following on from my talk (slides, video) I am releasing the NMAP service probes and the Poison...
Reading time: ~3 min. Posted by Dominic White on 06 September 2013
We recently gave a talk at the ITWeb Security Summit entitled “Offense Oriented Defence”. The talk was targeted at defenders...
Reading time: ~3 min. Posted by daniel on 04 September 2013
In one week, it’s 44CON time again! One of our favourite UK hacker cons. In keeping with our desire to...
Reading time: ~1 min. Posted by behrang on 19 August 2013
We are publishing the research paper and tool for our BlackHat 2013 USA talk on the Z-Wave proprietary wireless protocol...
Reading time: ~7 min. Posted by Charl van der Walt on 01 June 2013
You’ve probably never thought of this, but the home automation market in the US was worth approximately $3.2 billion in...
Reading time: ~4 min. Posted by glenn on 06 December 2012
We blogged a little while back about the Snoopy demonstration given at 44Con London. A similar talk was given at...
Reading time: ~2 min. Posted by Charl van der Walt on 13 July 2012
Hey All, We’re about locked and loaded down here in ZA – ready to tackle the looooong journey to Vegas...
Reading time: ~1 min. Posted by Charl van der Walt on 09 May 2012
First, some background on CREST in the form of blatant plagiarism… CREST – The Council for Registered Ethical Security Testers...
Reading time: ~3 min. Posted by Charl van der Walt on 08 May 2012
This year, for the fourth time, myself and some others here at SensePost have worked together with the team from...
Reading time: ~9 min. Posted by Charl van der Walt on 07 May 2012
As 44Con 2012 starts to gain momentum (we’ll be there again this time around) I was perusing some of the talks...
Reading time: ~1 min. Posted by saurabh on 01 November 2011
This week, Charl van der Walt and I (Saurabh) spoke at Mobile Security Summit organized by IIR (http://www.iir.co.za/detail.php?e=2389). Charl was...
Reading time: ~5 min. Posted by Dominic White on 28 October 2011
[I originally wrote this blog entry on the plane returning from BlackHat, Defcon & Metricon, but forgot to publish it....
Reading time: ~1 min. Posted by Charl van der Walt on 06 October 2011
Black Hat will host its second event in the Middle East in Abu Dhabi with a full contingent of selected...
Reading time: ~2 min. Posted by behrang on 14 September 2011
Runtime analysis is an integral part of most application security assessment processes. Many powerful tools have been developed to perform...
Reading time: ~1 min. Posted by Charl van der Walt on 19 August 2011
Until recently, there was a distinct lack of decent, high-quality technical security conferences held in the United Kingdom. Home to the...
Reading time: ~1 min. Posted by Charl van der Walt on 08 July 2011
As we draw nearer to Black Hat Vegas we get a lot of requests from people who need help choosing...
Reading time: ~9 min. Posted by Charl van der Walt on 07 June 2011
The text that follows is a short statement I prepared for the press ahead of my presentation at the ‘The...
Reading time: Less than a minute. Posted by Dominic White on 17 March 2011
The ITWeb Security Summit is creeping up on us again and will be happening on the 10-11th of May. This...
Reading time: Less than a minute. Posted by Charl van der Walt on 31 October 2010
The bad news is that our course at Black Hat Abu Dhabi is completely full. The good news is …...
Reading time: Less than a minute. Posted by Shane Kemp on 13 October 2010
At the invitation of the South African Department of Trade and Industry SensePost will form part of a South African...
Reading time: ~4 min. Posted by Dominic White on 10 August 2010
Last week we presented an invited talk at the ISSA conference on the topic of online privacy (embedded below, click...
Reading time: ~1 min. Posted by marco on 07 August 2010
Wow. At some point our talk hit HackerNews and then SlashDot after swirling around the Twitters for a few days....
Reading time: ~7 min. Posted by marco on 04 August 2010
[Update: Disclosure and other points discussed in a little more detail here.] Why memcached? At BlackHat USA last year we...
Reading time: Less than a minute. Posted by marco on 30 July 2010
Today at BlackHat USA 2010 we released a tool for manipulating memcached instances; we still need to write it up...
Reading time: ~1 min. Posted by Dominic White on 07 June 2010
After hearing our talk was accepted at BlackHat, we’re happy to announce that our training will be back for its...
Reading time: ~1 min. Posted by marco on 31 May 2010
A brief update from South Africa on some recent talks as well as the upcoming BH USA: our talk proposal...
Reading time: ~3 min. Posted by Dominic White on 04 May 2010
The ITWeb security summit is coming up next week from the 11th to 13th of May. This is a conference...
Reading time: Less than a minute. Posted by bradleyj on 04 March 2010
Hey everyone. We will once again be presenting our BootCamp training course at the BlackHat Europe Conference. It seems this...
Reading time: Less than a minute. Posted by Haroon Meer on 30 December 2009
is currently on in Berlin. As usual [it] looks like a blast, and as usual, media [is online] before the...
Reading time: Less than a minute. Posted by Haroon Meer on 30 November 2009
ZaCon came and went, “and a fun time was had by all!” The first run was a semi-cosy affair held...
Reading time: Less than a minute. Posted by Haroon Meer on 16 November 2009
Our DC-17 video (of the “Clobbering the Cloud” talk) is now available on the new look DefCon download site:...
Reading time: Less than a minute. Posted by Haroon Meer on 04 September 2009
The “Fasm conference is an informal meeting of coders interested in x86 assembly programming.” Some of the videos can be...
Reading time: ~3 min. Posted by marco on 09 August 2009
[part 5 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal The final installment...
Reading time: ~8 min. Posted by marco on 08 August 2009
[part 4 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal In the fourth...
Reading time: ~5 min. Posted by marco on 08 August 2009
[part 3 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal Our third video...
Reading time: ~2 min. Posted by marco on 06 August 2009
[part 2 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal The premise behind...
Reading time: ~4 min. Posted by marco on 06 August 2009
[part 1 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal We wanted to...
Reading time: Less than a minute. Posted by marco on 06 August 2009
Our BH09/DC17 presentation relied heavily on videos for the demos, and they’ve been blogged separately. Links below (will be made...
Reading time: Less than a minute. Posted by marco on 05 August 2009
[updated: videos will be made available on this page] 140 slides in 75 minutes. They said it couldn’t be done…...
Reading time: ~4 min. Posted by marco on 08 July 2009
We were invited to speak at the recent ISSA2009 conference in Joburg, a local mostly academic security conference and I...
Reading time: ~6 min. Posted by Haroon Meer on 11 June 2009
I really enjoy listening to Mac Break Weekly.. Leo Laporte is an excellent host and i would tune in just...
Reading time: ~1 min. Posted by Haroon Meer on 07 June 2009
Ron Auger sent an email to the [WASC Mail list] on some fine work presented recently by Microsoft Research. The...
Reading time: ~4 min. Posted by Haroon Meer on 31 March 2009
A little while back i commented on Marcus Ranum’s HiTB talk “Cyberwar is Bullshit!”. I ended the post with the...
Reading time: Less than a minute. Posted by Haroon Meer on 22 March 2009
Microsoft released !exploitable at CanSecWest this year. The debugger extension, and the accompanying slide deck can be found [here]. I...
Reading time: ~1 min. Posted by Haroon Meer on 20 March 2009
Those of you who were around in 2001 will recall http://anti.security.is (anti-sec f.a.q).. The sentiment pops up periodically (in different...
Reading time: Less than a minute. Posted by Haroon Meer on 12 March 2009
[beistlabs] [CodeGate] has come and gone.. A nice writeup of the event can be found [here] with a pdf of...
Reading time: Less than a minute. Posted by Haroon Meer on 09 March 2009
Ok.. So The Dark Tangent announced this [a few days ago], but i felt it deserved mention because i was...
Reading time: Less than a minute. Posted by Shane Kemp on 23 February 2009
SensePost have once again been invited to join the South African Department of Trade and Industry at Cebit, as one...
Reading time: ~1 min. Posted by Haroon Meer on 22 February 2009
I just managed to pull the HackintheBox torrents for their [2008 talks]. (SensePosters can grab a local copy [here]). I...
Reading time: Less than a minute. Posted by Charl van der Walt on 13 January 2009
I just wanted to remind everyone that the CFP for the 2009 ITWeb Security Summit closes on 26 Jan. We’re...
Reading time: Less than a minute. Posted by Charl van der Walt on 07 January 2009
So… Black Hat DC is rushing at us like a speeding big… speeding thing. This is just a friendly a...
Reading time: ~1 min. Posted by Haroon Meer on 29 December 2008
Those pesky hackers! Alex Sotirov (of heap feng shui fame, famous for breaking everything from Vista, to web browsers, to...
Reading time: Less than a minute. Posted by Haroon Meer on 23 December 2008
(aka 2 completely unrelated topics) You can grab a free copy of the Hackin9 magazine [here] And you can view...
Reading time: Less than a minute. Posted by Charl van der Walt on 18 December 2008
I got contacted the other day (via LinkedIn actually, which is a 1st for me) about a PCI conference some...
Reading time: Less than a minute. Posted by Charl van der Walt on 18 December 2008
I wanted to remind folk that the CFP for the ITWeb Security Summit closes on 26 Jan 2009. You can...
Reading time: Less than a minute. Posted by Haroon Meer on 02 December 2008
Microsoft has posted selected videos of the latest BlueHat talks [here]. It’s pretty cool that they are now releasing these...
Reading time: ~1 min. Posted by Charl van der Walt on 28 November 2008
A couple of months back SensePost were asked by a prominent South African media company to assist in the selection...
Reading time: Less than a minute. Posted by Haroon Meer on 03 November 2008
Slides from the latest Hack in the Box conference [are available] [SensePost slides are listed as owing / not there...
Reading time: Less than a minute. Posted by Haroon Meer on 19 October 2008
The full videos from the OWASP NYC Conf have been posted. At least one BlackHat re-run, but some look well...
Reading time: ~1 min. Posted by Haroon Meer on 25 August 2008
Hey guys.. Our BlackHat/Defcon talk this year featured a few tools that we promised to release.. The first tool, or...
Reading time: Less than a minute. Posted by Haroon Meer on 18 August 2008
Hey guys.. Most of our BlackHat/Defcon team has arrived back home in one piece.. I landed with a fever and...
Reading time: Less than a minute. Posted by Haroon Meer on 02 June 2008
Some of the DC16 speaker summaries have been posted, and these 2 caught my eye: Time-Based Blind SQL Injection using...
Reading time: ~1 min. Posted by Haroon Meer on 29 March 2008
from the SourceBoston videos i blogged about: Dr Geer never disappoints, and kicked it off with the 4 rules on...
Reading time: Less than a minute. Posted by Haroon Meer on 24 March 2008
SourceBoston completed its first conference earlier this month, and some of the slide decks and videos are up.. While the...
Reading time: Less than a minute. Posted by Shane Kemp on 06 March 2008
“SensePost have once again been invited to join the South African Department of Trade and Industry at Cebit, as one...
Reading time: ~1 min. Posted by Charl van der Walt on 28 January 2008
Black Hat DC this year is supposed to be “a different kind of Black Hat”. There are four tracks over...
Reading time: ~1 min. Posted by Haroon Meer on 11 December 2007
Rob had a rant on his site on the timing attack, with a CSRF twist.. We met him after our...
Reading time: Less than a minute. Posted by Haroon Meer on 12 September 2007
A recent maillist thread shows that the DC15 videos are now available online [here] Our video (although my voice sounded...
Reading time: ~8 min. Posted by Charl van der Walt on 24 August 2007
In Vegas I bought Herman “Exploiting Online Games” by Greg Hoglund and Gary McGraw. Being the saint that I am,...
Reading time: ~5 min. Posted by Haroon Meer on 15 August 2007
OK.. So as i mentioned before, I saw Robert Graham from Erratasec demo hamster live on stage and wondered if...
Reading time: ~2 min. Posted by Haroon Meer on 14 August 2007
Ok.. so its a lot later than i promised, but i did mention that i would post some feedback on...
Reading time: ~2 min. Posted by Haroon Meer on 10 August 2007
The slides | tool | paper from BlackHat07/DefCon07 have been posted online for your wget’ing pleasure. More details on squeeza...
Reading time: ~4 min. Posted by nick on 07 August 2007
The bulk of security research pertaining to VoIP call control, setup and signaling protocols has focused on the Session Initiation...
Reading time: Less than a minute. Posted by Haroon Meer on 03 August 2007
During our talk we demo’d squeeza.. We will link to the slides and .ppt as soon as we can, but...
Reading time: ~1 min. Posted by Haroon Meer on 03 August 2007
ok.. so im in my room finally catching up on sleep (or will be in a few minutes) while most...
Reading time: ~1 min. Posted by Haroon Meer on 30 July 2007
(always wanted to say that!) 2 SensePost Training sessions are over, and as i type The weekday sessions are at...
Reading time: Less than a minute. Posted by Haroon Meer on 27 July 2007
Ok.. so the 2nd plane with SensePost’ers has touched down in LasVegas and the first cheeze-pizza from the caesars food...
Reading time: Less than a minute. Posted by Haroon Meer on 13 June 2007
BlackHat Vegas is almost on us again, and this will be the 6th year running that we present there.. This...
Reading time: ~1 min. Posted by Charl van der Walt on 12 June 2007
Whew. After much last-minute war with PPT C# and ORM our slides and Beta 1.0 of our tool are available...
Reading time: ~1 min. Posted by Charl van der Walt on 09 June 2007
After a six hour delay due to technical problems *before* my journey even started I’m finally on the plane and...