From the team that won the world’s first Soccer Hack Cup, we bring you the latest and the greatest in computer hacking training – SensePost Hacking By Numbers Extended Edition – a local course that combines two of the brand new courses we just finished presenting at Black Hat Las Vegas. The training will be offered in Brooklyn Pretoria from 14 – 17 September 2010. Here’s how it will work: 14…
Sigh. We’ve never been much good at marketing or advertising, and I guess we still aren’t. But we have tried to give our old website a bit of a face-lift, and it’s starting to feel like we’re finally making some progress. Certainly most of the content is new and accurate, and certainly it’s much more comprehensive than our previous one. We’ve also gone to some effort to implement a…
After ten fascinating years, during which many people have contributed in so many ways to the place that is SensePost, by strange coincidence it falls on me to pen the words that mark our first decade in existence. To quote Robert Hunter: “What a long strange trip it’s been”. SensePost was officially founded on February 14, 2000. Of everyone who was involved at that time, I’m the only one still…
Rich Mogull (whose stuff I really quite dig) has launched an ‘Open Patch Management Survey’ via the SecurityMetrics blog. It’s an interesting idea, and they plan to release both their analysis *and* the raw data, which might be really insightful for our VMS stuff. Corporations can take the SurveyMonkey survey at http://www.surveymonkey.com/s.aspx?sm=SjehgbiAl3mR_2b1gauMibQw_3d_3d, and there’s some nice material already available at http://securosis.com/projectquant. Here’s the rest of Rich’s message (pls forgive the cross-post): Our goal…
We’ve been busying ourselves with the PCI DSS in one way or another for more than a year now here at SensePost. It’s been a frustrating exercise of mixed messages, politics, tokenism, mixed in with a healthy dose of mixed feelings about what the standard offers and whether that’s good for anyone at all. Now, finally, we’re accredited to do this, that and the other under the standard so we…
Interesting post by Michael Dahn at pcianswers.com discussed (again) the difference between compliance and security. Do you know the joke about the difference between a canary? Apparently, its one leg is the same. Well, according to the post, the difference between compliance and security is… there is no spoon. I’m sounding facetious, but the post is actually not bad. Read more… But actually, there was another part of the post that caught my…
I just wanted to remind everyone that the CFP for the 2009 ITWeb Security Summit closes on 26 Jan. We’re hoping to see much more in the way of submissions from local infosec people (especially from corporates) but there’s also still room for international submissions. So far I know of 11 ‘international’ submissions. ITWeb is really good to its international speakers so non-South Africans shouldn’t be put off by…
So… Black Hat DC is rushing at us like a speeding big… speeding thing. This is just a friendly reminder about the show (Hyatt Regency Crystal City • February 16-19). We have two courses on offer at the DC show this year – Bootcamp (a highly practical course that teaches method-based hacker thinking, skills and techniques) and Combat (all hack, no talk – our flagship course). One small change…
We often get asked by students of our Hacking By Numbers courses if the course environments or at least the VMware images are available after the training is over. As a result we’ve started to experiment with a model for offering our courses in an online environment. The idea would be to maintain the full numbers of labs and technical work, maintain the high standard of trainers and materials, but…
I got contacted the other day (via LinkedIn actually, which is a 1st for me) about a PCI conference some folks are trying to organize here in Johannesburg in January next year. I don’t really know the people (or the conference) but it seems like something that’s sorely needed here and maybe worth making a small investment in. Here’s where you can get the lowdown – http://www.pci-portal.com/events/event-info/event/pci-johannesburg