This is a tool that I have wanted to build for at least 5 years. Checking my archives, the earliest reference I can find is almost exactly 5 years ago, and I’ve been thinking about it for longer,...
This blog post is about the process we went through trying to better interpret the masses of scan results that automated vulnerability scanners and centralised logging systems produce. A good...
Friday the 13th seemed like as good a date as any to release Snoopy 2.0 (aka snoopy-ng). For those in a rush, you can download the source from GitHub, follow the README.md file, and ask for help...
At SensePost we get to enjoy some challenging assessments and do pretty epic things. Some days it feels like the only thing that could make it better would be driving tanks while doing it. The...
We recently ran our Black Hat challenge where the ultimate prize was a seat on one of our training courses at Black Hat this year. This would allow the winner to attend any one of the following:...
There is a serious skills shortage in our industry. There are just not enough skilled hackers out there to fill all the open positions. In November of last year, I proposed a new approach for us...
We’ve been big fans of Maltego and the team at Paterva for a very long time now, and we frequently use this powerful tool for all kinds of fun and interesting stuff, like Using Maltego to explore...
Hello from Las Vegas! Yesterday (ed: uh, last week, my bad) I gave a talk at DefCon 22 entitled ‘Practical Aerial Hacking & Surveillance’. If you missed the talk the slides are available here....
Jack is a tool I created to help build Clickjacking PoCs. It uses basic HTML and JavaScript and can be found on GitHub at https://github.com/sensepost/Jack. To use Jack, load Jack’s HTML, CSS and JS...
Hello world! We’ve been busy squirreling away on a much requested project – a commercial Snoopy offering. We’ve called it ShadowLightly, and we’d like to invite you to join the beta explorer...
At Defcon 22 we presented several improvements in wifi rogue access point attacks. We entitled the talk “Manna from heaven” and released the MANA toolkit. I’ll be doing two blog entries. The first...
Over those years, we’ve trained thousands of students in the art of offensive and defensive security through our Hacking by Numbers courses. Our courses are taken directly from the work we do....
Web application security training in 2015? It’s a valid question we get asked sometimes. With the amount of books available on the subject, the tools that seemingly automate the process coupled...
Recently there were revelations about a GCHQ initiative called ‘Lovely Horses’ to monitor certain hackers’ Twitter handles. The guys over at Paterva quickly whipped up a Maltego Machine to...
Hello Internet, We’re going to be hosting monthly Maltego webinar sessions, and our first one is this Friday (24th April)! Being our first episode we’re going to start with the basics of the...
Our Intelligence service team is growing and we are looking for a Threat Analyst to join us. Not only is the working environment pretty cool, the work you’ll be doing means you’ll be learning a...
Transport layer security has had a rough ride recently, with a number of vulnerabilities being reported. At a time when trust is required between you and the site you are interacting with, it’s...
Mobile Course, O RLY? The mobile app market, and app usage, grew 76% in 2014 [1]. From shopping, utilities, productivity and health apps. Flurry, the mobile app analytics firm responsible for the...
Wireless: it’s everywhere these days and yet owning it never gets boring. As part of our annual SensePost hackathon, where we get time off projects and get to spend a week tinkering with tech and...
But, Websockets! The last week I was stuck on a web-app assessment where everything was new-age HTML5, with AngularJS and websockets. Apart from the login sequence, all communication happened...
No, this post is not about a Leon Schuster comedic skit from the early 90’s, YouTube reference here -> https://www.youtube.com/watch?v=JzoUBvdEk1k To the point, once upon a time there was a tool...
Every now and then you run into a new file format and you find that you may not have a tool to parse that file. Or you are looking for an easy to use solution for your mom to access the photos you...
“Operating system facilities, such as the kernel and utility programs, are typically assumed to be reliable. In our recent experiments, we have been able to crash 25-33% of the utility programs on...
SensePost Training in the Cloud Picture this. Every year, a group of Plakkers (our nickname for those who work at SensePost) descended into Las Vegas with more luggage than Imelda Marcos on a shoe...
Given the prevalence of Microsoft Active Directory domains as the primary means of managing large corporate networks both globally and in South Africa specifically, one of the common first goals...
When doing internals, usually an easy first step is to use Responder and wait to retrieve NTLM hashes, cracking them and hoping for a weak password. The problem is that sometimes fancy cracking...
Collecting and performing Open Source Intelligence (OSINT) campaigns from a wide array of public sources means ensuring your sources contain the most up to date information relating to your...
Is not a hack until you are 3 tunnels deep – Ian de Villiers External assessments. It’s about not only finding flaws but also looking at ways you can chain lower and medium-level vulnerabilities...
A few days ago I was asked to have a look at the newly emerged crypto-ransomware threat “Locky” which utilises Dridex-like Command and Control (C&C) communications techniques. For some background...
Here’s my first blog where I’ll try to write up how I’ve managed to set up the Introspy framework for the Android emulator. First things first, if you haven’t downloaded the Android SDK do it now...