The text that follows is a short statement I prepared for the press ahead of my presentation at ‘The International Conference on Cyber Conflict’ (http://www.ccdcoe.org/ICCC/) in Tallinn, Estonia. It felt like I had a very mixed response, so I’d be interested to hear what others think… Any opinion can only be understood if you also understand its context. Therefore, in order to understand the thinking that follows, you also have…
Well, we’re ramping up with the new Hacking By Numbers W^3 edition course we will be presenting at BlackHat Vegas this year. This course is a replacement for the Web2.0 course we successfully presented over the past three years and sports a whole bunch of new and improved practicals. We’ve also upped the technology being used and the presentation is chock-full of ASCII sheep… :) The new course is an…
27 May 2011
~1 min
By glenn
The brand new BlackOps HBN course makes its debut in Vegas this year. The course finds its place as a natural follow-on from Bootcamp, and prepares students for the more intense Combat edition. Where Bootcamp focuses on methodology and Combat focuses on thinking, BlackOps covers tools and techniques to brush up your skills. This course is split into eight segments, covering scripting, targeting, compromise, privilege escalation, pivoting, exfiltration, client-side…
22 May 2011
~14 min
By marco
A longish post, but this wasn’t going to fit into 140 characters. This is an argument pertaining to security metrics, with a statement that using pure vulnerability count-based metrics to talk about an organisation’s application (in)security is insufficient, and suggests an alternative approach. Comments welcome. Metrics and statistics are certainly interesting (none of those are infosec links). Within our industry, Verizon’s Data Breach Investigations Report (DBIR) makes a splash each…
Salut à tous, It’s that time of the year again and like every year, we’ll once again be running our ever-popular “BOOTCAMP EDITION” at the BlackHat Briefings in Las Vegas this July-August. This course is part of our established Hacking by Numbers series. BUT, this year, only the name remains the same. We are slaving away at making this course cutting edge, providing you with a hands-on hacking experience on…
An education isn’t how much you have committed to memory, or even how much you know. It’s being able to differentiate between what you know and what you don’t. – Anatole France Jobs within Information Security, and indeed Information Technology, are often more than a 9-5 affair for many who choose them as their career. There is a wealth of different technologies, frameworks, approaches and information that you need to…
You’ve seen the movies. You’ve seen the cooler than life characters hacking systems using obscure keyboards and operating systems that seem to float through the network, so how about now really learning how it’s done? Hacking by Numbers, Cadet Edition is being presented at Black Hat USA this year by two super star SensePost hackers. This entry-level course will delve into the following topics: • Understanding the hacker mind-set. • Method based…
The ITWeb Security Summit is creeping up on us again and will be happening on the 10-11th of May. This year ITWeb went with something slightly different, and are asking for people to suggest who they’d like to see on day 2. These suggestions will then be voted on. So, if there’s someone you’re dying to see present or a topic you really want someone to spend some time researching,…
01 March 2011
~3 min
By evert
It is always a little bemusing to hear that we only provide pentests. Since 2001, SensePost has offered a very comprehensible vulnerability management service that’s evolved through multiple generations of technologies and methodologies into a service we’re very proud of. The Managed Vulnerability Scanning (“MVS”) service makes use of our purpose-built BroadView scanning technology to scan a number of high profile South African and European clients. More information can be found…
22 February 2011
~2 min
By glenn
Hola amigos, We will be running our elite “Combat Training” at the BlackHat Briefings in Barcelona this March (talk lineup) and this course is the flagship of our established Hacking by Numbers series. From the first hour to the final minutes students are placed in different attacker scenarios as they race the clock to “capture the flag”. The trainers are highly skilled (as well as having the standard Southern African humour,…