Our Blog

Goodbye to 2013, hello to 2014

Reading time: ~5 min
With 2013 coming to a close, I thought it pertinent to look back at the year we’ve had and also...

Botconf 2013

Reading time: ~2 min
Botconf’13, the “First botnet fighting conference” took place in Nantes, France from 5-6 December 2013. Botconf aimed to bring together...

Mobile Hacking on the West Coast

Reading time: ~2 min
December sees SensePost presenting Hacking by Numbers: Mobile at BlackHat West Coast Trainings. This course was first presented at BlackHat...

RAT-a-tat-tat

Reading time: Less than a minute
Hey all, So following on from my talk (slides, video) I am releasing the NMAP service probes and the Poison...

Never mind the spies: the security gaps inside your phone

Reading time: ~2 min
For the last year, Glenn and I have been obsessed with our phones; especially with regard to the data being...

A new owner for a new chapter

Reading time: ~1 min
We’re pleased to announce our acquisition today by SecureData Europe. SecureData (www.secdata.com) is a complete independent security services provider based...

Offence oriented defence

Reading time: ~3 min
We recently gave a talk at the ITWeb Security Summit entitled “Offense Oriented Defence”. The talk was targeted at defenders...

44CON 2013

Reading time: ~3 min
In one week, it’s 44CON time again! One of our favourite UK hacker cons. In keeping with our desire to...

BlackHat Conference: Z-Wave Security

Reading time: ~1 min
We are publishing the research paper and tool for our BlackHat 2013 USA talk on the Z-Wave proprietary wireless protocol...

Hacking by Numbers – The mobile edition

Reading time: ~3 min
West Coast in the house, well actually more like an African visiting Seattle for Blackhat’s West Coast Trainings. We’ve had...

Rogue Access Points, a how-to

Reading time: ~12 min
In preparation for our wireless training course at BlackHat Vegas in a few weeks, I spent some time updating the...

Technical Project Manager Role

Reading time: ~1 min
As SensePost grows, so does our desire to ensure a healthy balance between technical savvy and organisational skills. As a...

A software level analysis of TrustZone OS and Trustlets in Samsung Galaxy Phone

Reading time: ~15 min
Introduction: New types of mobile applications based on Trusted Execution Environments (TEE) and most notably ARM TrustZone micro-kernels are emerging which...

BlackHat Challenge – 2013

Reading time: ~2 min
One of the things we try and get across in our training – is that pen-testing requires out of the...

Honey, I’m home!! – Hacking Z-Wave & other Black Hat news

Reading time: ~7 min
You’ve probably never thought of this, but the home automation market in the US was worth approximately $3.2 billion in...

Something about sudo, Kingcope and re-inventing the wheel

Reading time: ~5 min
Willems and I are currently on an internal assessment and have popped a couple hundred (thousand?) RHEL machines, which was...

Black Hat Vegas 2013 – Course Summaries

Reading time: ~3 min
We have an updated breakdown of our BlackHat courses here. With the ‘early registration’ discount period coming to an end...

BlackOps Hacking Training – Las Vegas

Reading time: ~4 min
BlackOps you say? At SensePost we have quite a range of courses in our Hacking by Numbers series. We feel...

Stay low, move fast, shoot first, die last, one shot, one kill, no luck, pure skill …

Reading time: ~2 min
We’re excited to be presenting our Hacking By Numbers Combat course again at Black Hat USA this year. SensePost’s resident...

Your first mobile assessment

Reading time: ~3 min
Monday morning, raring for a week of pwnage and you see you’ve just been handed a new assessment, awesome. The...

Wifi Hacking & WPA/2 PSK traffic decryption

Reading time: ~3 min
When doing wireless assessments, I end up generating a ton of different scripts for various things that I thought it...

Windows Domain Privilege Escalation : Implementing PSLoggedOn in Metasploit (+ a bonus history module)

Reading time: ~3 min
There are multiple paths one could take to getting Domain Admin on a Microsoft Windows Active Directory Domain. One common...

Analysis of Security in a P2P storage cloud

Reading time: ~8 min
A cloud storage service such as Microsoft SkyDrive requires building data centers as well as operational and maintenance costs. An alternative approach...

Google Docs XSS – no bounty today

Reading time: ~3 min
A few days ago, during one of those nights with the baby crying at 2:00 am and the only thing...

Black Hat Europe – Bootcamp Training

Reading time: ~1 min
SensePost will be at Black Hat Europe 2013 to deliver the Bootcamp module of the Hacking by Numbers series. This...

Vulnerability Management Analyst Position

Reading time: ~2 min
Have a keen interest in scanning over 12000 IPs a week for vulnerabilities? Excited about the thought of assessing over...

IT Network Packet Wrangler

Reading time: ~2 min
As we grow and operate on a number of continents, so does our dependence on a rock-solid IT infrastructure. We...

Adolescence: 13 years of SensePost

Reading time: ~2 min
Today was our 13th birthday. In Internet years, that’s a long time. Depending on your outlook, we’re either almost a pensioner...

Poking Around in Android Memory

Reading time: ~5 min
Taking inspiration from Vlad’s post I’ve been playing around with alternate means of viewing traffic/data generated by Android apps. The...

Client Side Fingerprinting in Prep for SE

Reading time: ~3 min
On a recent engagement, we were tasked with trying to gain access to the network via a phishing attack (specifically...