SensePost | Blog

XRDP: Exploiting Unauthenticated X Windows Sessions

Reading time: ~9 min

Posted by Darryn Cull on 08 December 2016

Categories: B-sides, Conferences, Nmap, Presentations, Tools

In this blog post we are going to describe some tools we created to find and exploit unauthenticated X Windows sessions....

BSides Cape Town Secret Squirrel Challenge Write-Up

Reading time: ~6 min

Posted by Dominic White on 06 December 2016

Categories: B-sides, Challenge, Wifi

Last weekend was the BSides Cape Town conference, currently ZA’s only hacker con. It’s a cool little con with big...

Rattler:Identifying and Exploiting DLL Preloading Vulnerabilities

Reading time: ~8 min

Posted by chris on 01 December 2016

Categories: Conferences, Research, Tools

In this blog post I am going to describe a new tool (Rattler) that I have been working on and...

Intercepting passwords with Empire and winning!

Reading time: ~6 min

Posted by symeon on 18 November 2016

Categories: Empire, Windows, Dll injection, Hooking

This is my password,” said the King as he drew his sword. “The light is dawning, the lie broken. Now...

Kwetza: Infecting Android Applications

Reading time: ~13 min

Posted by chris on 03 October 2016

Categories: Android, Anti-virus, Howto, Research, Tools

This blog post describes a method for backdooring Android executables. After describing the manual step, I will show how to...

Snoopy with Mana

Reading time: ~4 min

Posted by Dominic White on 14 September 2016

Categories: Maltego, Snoopy, Wifi

In 2011 Glenn and Daniel released Snoopy, a set of tools for tracking and visualising wireless client activity. However, the Snoopy...

What to look for in a training provider

Reading time: ~6 min

Posted by daniel on 05 September 2016

Categories: Blackhat, Training

In the last few years, the infosec training scene has exploded. Arguably, the largest training provider is Blackhat, and in...

MAPI over HTTP and Mailrule Pwnage

Reading time: ~8 min

Posted by etienne on 01 September 2016

Categories: Pentest, Powershell, Reversing, Tools

History In December 2015 Silent Break Security wrote about “Malicious Outlook Rules” and using these to get a remote shell....

Universal Serial aBUSe

Reading time: ~15 min

Posted by Dominic White on 15 August 2016

Categories: Defcon, Hardware, Usb

Last Saturday, at Defcon 24, we gave a talk entitled “Universal Serial aBUSe: Remote Physical Access Attacks” about some research...

SensePost at Blackhat & Defcon 2016

Reading time: ~2 min

Posted by Dominic White on 21 June 2016

Categories: Blackhat, Defcon, Training

The annual Hacker Summer Camp is nearly upon us, everyone at SensePost is getting ready. This is a brief overview...

PwnBank en route to Vegas

Reading time: ~3 min

Posted by chris on 20 June 2016

Categories: Android, Blackhat, Conferences, Ios, Mobile, Training

Everyone has a mobile phone (ok some have two) and the wealth of information people put into them is staggering....

PowerShell, C-Sharp and DDE The Power Within

Reading time: ~6 min

Posted by saif on 20 May 2016

Categories: Fun, Howto, Research

aka Exploiting MS16-032 via Excel DDE without macros. The modified exploit script and video are at the end. A while...

Handling Randomised MAC Addresses in MANA

Reading time: ~3 min

Posted by Dominic White on 20 May 2016

Categories: Mitm, Rogue-ap, Tools

mana development has been chugging along nicely. However, the OffSec crew politely asked us to move mana to proper releases...

Where SensePost meets the real world

Reading time: ~5 min

Posted by daniel on 09 May 2016

Categories: Blackhat, Defense, Infrastructure, Training

SensePost Training at Blackhat USA What is SensePost infrastructure training about and what does it give you as a novice pentester?...

Not-quite-triangulation using the who’s near me feature in location-aware web apps

Reading time: ~3 min

Posted by Dane Goodwin on 27 March 2016

Categories: Mobile, Tin-foil-hat

When assessing web applications, we typically look for vulnerabilities such as SQLi and XSS, which are generally a result of...

Too Easy – Adding Root CA’s to iOS Devices

Reading time: ~8 min

Posted by Dominic White on 23 March 2016

Categories: Certificates, Ios, Mitm, Mobile, Rogue-ap

With the recent buzz around the iMessage crypto bug from the John’s Hopkins team, several people pointed out that you...

DET – (extensible) Data Exfiltration Toolkit

Reading time: ~2 min

Posted by Paul on 19 March 2016

Categories: Conferences, Research, Tools

Often gaining access to a network is just the first step for a targeted attacker. Once inside, the goal is...

Advanced Cycript and Substrate

Reading time: ~9 min

Posted by etienne on 18 March 2016

Categories: How-to, Ios, Mobile

Mobile assessments are always fun as the environment is constantly evolving. A recent trend has been the use of custom...

Android hooking with Introspy

Reading time: ~8 min

Posted by symeon on 10 March 2016

Categories: Android, Howto, Mobile, Blackbox, Hooking

Here’s my first blog where I’ll try to write up how I’ve managed to set up the Introspy framework for...

Understanding Locky

Reading time: ~10 min

Posted by vlad on 19 February 2016

Categories: Research, Malware, Ransomware

A few days ago I was asked to have a look at the newly emerged crypto-ransomware threat “Locky” which utilises Dridex-like Command and Control...

Bringing the hashes home with reGeorg & Empire

Reading time: ~4 min

Posted by sara on 11 February 2016

Categories: Empire, Post-exploitation, Powershell

Is not a hack until you are 3 tunnels deep – Ian de Villiers External assessments. It’s about not only...

Sensepost Maltego Toolkit: Skyper

Reading time: ~4 min

Posted by stuart on 11 January 2016

Categories: Fun, Research, Tools, Maltego, Skype, Tool, Transforms

Collecting and performing Open Source Intelligence (OSINT) campaigns from a wide array of public sources means ensuring your sources contain...

Our Blog