Blog Posts

"Your submission for Black Hat USA 2010 was accepted"

It doesn’t matter how many conferences you present at, or how much you hate Las Vegas, around this time of the year those are very happy, welcome words. I’ll post more details on the talk here in a few days (especially since I’m hoping to co-opt some of you). Interestingly enough, despite almost a decade of Black Hat/Defcon, it’s the first time I’ll be free to take a training class. I’m pretty stoked! /mh

Memory Corruption and Hacker Folklore

A while back I thought it would be nice if we had an authoritative source of memory corruption attacks (and mitigations) in a single document. I resisted mainly because it seemed like a lot of drudgery for something we have been able to do well without, it steers towards the word “taxonomy” [1], and I was a little lazy. [1] Dave Aitel has posited that “people who thing (sic) of things as “Taxonomies” are always headed in the opposite direction from correct” Late

(YaTT) Yet another Twitter Tool ?

I wanted to play with Django, so I built this “toy” project to kick the tires. If you are on Twitter (and don’t protect your tweets), check it out. It’s a very simple application that will grab a list of the people you follow, then grab the list of everyone they follow, to give you the top n% of people they follow that you don’t. My favorite feedback on it so far was: @narvanitis: wow I don’t follow @mdowd Reason enough

Cargo Cult Startups

While talking to someone on IRC today, I mentioned that lots of young companies (and some old ones) are Cargo Cult Startups. I was asked to explain (which is a surefire sign that someone hasn’t been reading their Feynman), but figured I could probably elaborate. In his commencement speech at Caltech (and in his book “Surely You’re Joking, Mr. Feynman”) RPF talks about Cargo Cult Science. He was referring to Pacific Islanders, who having seen the planes landing from

37Signals, ReWork, and ReThink..

I just finished the new book from 37Signals, “ReWork”, and it was a reasonably enjoyable read. (It was actually the first book I read through the iPhone Kindle app, which is incredibly cool.) (Would love to see that discussion at Amazon, deciding if they should support the iPad to sell books, or try to starve the iPad to sell the Kindle? But I digress.) There are many, many 37Signals fanboys, and Signal vs. Noise has to be one of the

Portswigger rocks..

If you didn’t figure that Portswigger rocked for his elite “The Web Application Hacker’s Handbook”, or for managing to put out a tool I’ve never heard anything bad about (in an industry full of people who don’t hesitate to say bad things), you have to give him +1 for having the coolest ad that ever graced an infosec magazine:

BURP SUITE PRO v1.3 NOW* AVAILABLE
New features
Same logo
More expensive

*Product not available at time of


Paul Maylam Rhodes University mourns the passing of its alumnus Dr. Fatima Meer on Friday, 12 March 2010, following a stroke she suffered two weeks ago. She was aged 82. In 2007 Rhodes awarded the honorary degree of Doctor of Literature to Fatima Meer: a courageous, selfless, independent-minded scholar-activist, never afraid to speak out and always ready to act on her words. She has been described as “a redoubtable fighter and doughty champion of the underclass”; as “dynamite in a

The Passing on of a Legend..

On Friday my great-aunt passed away. She was an amazingly wonderful, warm lady whose work and efforts have touched the lives of many. When you remember her as the soft-spoken, self-effacing granny figure at family functions, you tend to forget just how remarkable a person she was. Rhodes University published the following tribute penned by Paul Maylam. It’s the sort of tribute that makes you recognize the difference between regular people (like us) and legends like her. The

And now for something a little different…

Welcome to thinkst thoughts, my new blog home. There is a good chance you got here from the SensePost blog, where I’ve been pondering, posting & prognosticating for the past few years. Add us to your RSS reader. (aka the elevator pitch!) There is much broken in the infosec industry, and there is much broken in general. There are answers waiting to be discovered, brand new questions waiting to be asked, and really important problems waiting to be worked on.

Authored with 💚 by Thinkst