2015
We need you to analyse the threats
Our Intelligence service team is growing and we are looking for a Threat Analyst to join us. Not only is the working environment pretty cool, the work you’ll be doing means you’ll be learning a lot and also working with some really smart people who are happy to share what they know. We also have great coffee.
This role is perfect for that person who literally gets excited about the thought of unpacking an attack, figuring out how they achieved what they did and then taking that information and creating practical defence guides and advice for our clients. If this sounds like you, send me an e-mail.
Maltego Webinar Series: Episode 01, Introduction
Hello Internet,
We’re going to be hosting monthly Maltego webinar sessions, and our first one is this Friday (24th April)! Being our first episode we’re going to start with the basics of the basics. Our agenda is as follows:
What is Maltego? Why Maltego? Where can I get it? How does this user interface work? What are these Maltego terms and buzzwords? What’s a transform and how I can run one? Bonus round! Sign up here if you’d like to join us:
Lovely Pwnies – Twitter Monitor
Recently there were revelations about a GHCQ initiative called ‘Lovely Horses’ to monitor certain hackers’ Twitter handles. The guys over at Paterva quickly whipped up a Maltego Machine to replicate this:
Building your own LovelyHorse monitoring system with Maltego (even the free version) – it’s easy!
We’ve wrapped some supporting transforms around that Machine to allow you to create and manage your own set of lovely horses (Twitter accounts), and dubbed it ‘Lovely Pwnies’. You can obtain the transforms and original Machine via the new Maltego Transform Hub.
Break the Web at BlackHat Singapore
Web application security training in 2015?
It’s a valid question we get asked sometimes. With the amount of books available on the subject, the tools that seemingly automate the process coupled with the fact that findings bugs in web apps should be harder now that frameworks and developers are more likely to produce secure code, is there a need to still train people up in the art of application exploitation?
SensePost Training
Over those years, we’ve trained thousands of students in the art of offensive and defensive security through our Hacking by Numbers courses.
Our courses are taken directly from the work we do. When we compromise networks, or applications with new techniques, they’re turned into modules in the appropriate course. We also don’t use trainers; every course is given by one of our analysts to keep it authentic.
For our fifteenth year, we’ve decided it was time to retire the ‘Hacking by Numbers’ name and just call it was it really always has been: SensePost Training.
Improvements in Rogue AP attacks – MANA 1/2
At Defcon 22 we presented several improvements in wifi rogue access point attacks. We entitled the talk “Manna from heaven” and released the MANA toolkit. I’ll be doing two blog entries. The first will describe the improvements made at a wifi layer, and the second will cover the network credential interception stuff. If you just want the goodies, you can get them at the end of this entry for the price of scrolling down.
Commercial Snoopy Launch! [ ShadowLightly ]
Hello world!
We’ve been busy squireling away on a much requested project – a commercial Snoopy offering. We’ve called it ShadowLightly, and we’d like to invite you to join the beta explorer program. We’re going to offer ten 3-month trials to the site (you’d need to buy sensors / build your own), and in return we’d ask that you help us debug any issues. To apply, please email explorer@shadowlightly.com – introduce yourself, and tell us a little about why you’d like to join the program.
Prev
Page 2 of 2