Blackhat
Into The Cloud
Picture this. Every year, a group of Plakkers (our nickname for those who work at SensePost) descended into Las Vegas with more luggage than Imelda Marcos on a shoe shopping spree. In recent years, our kit list was immense. 200+ laptops, 25 servers, screens, switches and more backup disks than one should ever carry past TSA. Often we got there days before Blackhat started and spent 24 hours making sure…
Mobile Application Bootcamp – Journeyman Level – Black Hat Vegas 2015
Mobile Course, O RLY? The mobile app market, and app usage, grew 76% in 2014 [1]. From shopping, utilities, productivity and health apps. Flurry, the mobile app analytics firm responsible for the survey, tracked 2.079 trillion app sessions, with a daily session record taking place on December 31st with 8.5 billion sessions as people celebrated New Year’s Eve. We are placing more information online via mobile apps than ever before,…
Break the Web at BlackHat Singapore
Web application security training in 2015? It’s a valid question we get asked sometimes. With the amount of books available on the subject, the tools that seemingly automate the process coupled with the fact that findings bugs in web apps should be harder now that frameworks and developers are more likely to produce secure code, is there a need to still train people up in the art of application exploitation?…
SensePost Training
Over those years, we’ve trained thousands of students in the art of offensive and defensive security through our Hacking by Numbers courses. Our courses are taken directly from the work we do. When we compromise networks, or applications with new techniques, they’re turned into modules in the appropriate course. We also don’t use trainers; every course is given by one of our analysts to keep it authentic. For our fifteenth…
SensePost Challenge – Winners and Walkthrough
We recently ran our Black Hat challenge where the ultimate prize was a seat on one of our training courses at Black Hat this year. This would allow the winner to attend any one of the following: BlackOps – Our intermediate pentesting course Infrastructure Bootcamp – Introduction to pwning over the Internet Mobile Bootcamp – Introduction to mobile hacking Web Application Bootcamp – Introduction to web app hacking The challenge…
Hacking Challenge: Drive a tank through it
At SensePost we get to enjoy some challenging assessments and do pretty epic things. Some days it feels like the only thing that could make it better would be driving tanks while doing it. The best hacks normally make their way into our training courses as practical exercises where students get to replicate (and improve on) these hacks. However, we know that there isn’t always room for all the epicness and…
Mobile Hacking on the West Coast
December sees SensePost presenting Hacking by Numbers: Mobile at BlackHat West Coast Trainings. This course was first presented at BlackHat Vegas 2013 and 44Con 2013, growing in popularity and content with each iteration. For more information continue reading below or visit https://blackhat.com/wc-13/training/Hacking-by-Numbers-Mobile.html. The mobile environment has seen immense growth and has subsequently seen organisations racing to be the first to market with the next best app. The rapid increase in mobile…
BlackHat Conference: Z-Wave Security
We are publishing the research paper and tool for our BlackHat 2013 USA talk on the Z-Wave proprietary wireless protocol security. The paper introduces our Z-Wave packet interception and injection toolkit (Z-Force) that was used to analyze the security layer of Z-Wave protocol stack and discover the implementation details of the frame encryption, data origin authentication and key establishment process. We developed the Z-Force module to perform security tests against…
Rogue Access Points, a how-to
In preparation for our wireless training course at BlackHat Vegas in a few weeks, I spent some time updating the content on rogue/spoofed access points. What we mean by this are access points under your control, that you attempt to trick a user into connecting to, rather than the “unauthorised access points” Bob in Marketing bought and plugged into your internal network for his team to use. I’ll discuss how…
BlackHat Challenge – 2013
One of the things we try and get across in our training – is that pen-testing requires out of the box thinking. It’s also about solving puzzles and making things work the way you want them to. It’s about identifying the small vulnerabilities (which are often easy to spot), and trying to leverage them into something useful. A key process we strive to do at SensePost, when performing these penetration…