Blackhat
SensePost Black Hat Course Summary & chosing the right courses
As we draw nearer to Black Hat Vegas we get a lot of requests from people who need help choosing between one of our courses or the other. In order to provide people with a single, consolidated summary of all the courses we’ll be offering this year I’ve put together a rough summary doc that outlines all the courses and attempts to illustrate how they fit together. Get it here:…
Hacking By Numbers: W^3 Edition
Well, we’re ramping up with the new Hacking By Numbers W^3 edition course we will be presenting at BlackHat Vegas this year. This course is a replacement for the Web2.0 course we successfully presented over the past three years and sports a whole bunch of new and improved practicals. We’ve also upped the technology being used and the presentation is chock-full of ASCII sheep… :) The new course is an…
Hacking by Numbers: BlackOps Edition
The brand new BlackOps HBN course makes its debut in Vegas this year. The course finds its place as a natural follow on from Bootcamp, and prepares students for the more intense Combat edition. Where Bootcamp focuses on methodology and Combat focuses on thinking, BlackOps covers tools and techniques to brush up your skills. This course is split into eight segments, covering scripting, targeting, compromise, privilege escalation, pivoting, exfiltration, client-side…
Hacking by Numbers: Bootcamp Edition
Salut à tous, It’s that time of the year again and like every year, we’ll once again be running our ever-popular “BOOTCAMP EDITION” at the BlackHat Briefings in Las Vegas this July-August. This course is part of our established Hacking by Numbers series. BUT, this year, only the name remains the same. We are slaving away at making this course cutting edge, providing you with a hands-on hacking experience on…
Cadet Training
You’ve seen the movies. You’ve seen the cooler than life characters hacking systems using obscure keyboards and operating systems that seem to float through the network, so how about now really learning how it’s done? Hacking by Numbers, Cadet Edition is being presented at Black Hat USA this year by two super star SensePost hackers. This entry-level course will delve into the following topics: • Understanding the hacker mind-set. • Method based…
Training – lots of stuff(c)
Hey. Charl here. Lots of stuff is happening on the training front right now (ed: right now!), and I wanted to make sure everyone is aware of it. 1. New schedule published At the start of the year we always try publish a schedule of when and where our various training courses are happening. Of course it changes a bit as the year progresses, but its a pretty good overview…
Playing with Python Pickle #3
[This is the third in a series of posts on Pickle. Link to part one and two.] Thanks for stopping by. This is the third posting on the bowels of Python Pickle, and it’s going to get a little more complicated before it gets easier. In the previous two entries I introduced Pickle as an attack vector present in many memcached instances, and documented tricks for executing OS commands across…
Playing with Python Pickle #2
[This is the second in a series of posts on Pickle. Link to part one.] In the previous post I introduced Python’s Pickle mechanism for serializing and deserializing data and provided a bit of background regarding where we came across serialized data, how the virtual machine works and noted that Python intentionally does not perform security checks when unpickling. In this post, we’ll work through a number of examples that…
Playing with Python Pickle #1
In our recent memcached investigations (a blog post is still in the wings) we came across numerous caches storing serialized data. The caches were not homogenous and so the data was quite varied: Java objects, ActiveRecord objects from RoR, JSON, pre-rendered HTML, .Net serialized objects and serialized Python objects. Serialized objects can be useful to an attacker from a number of standpoints: such objects could expose data where naive developers…
Black Hat Abu Dhabi – Full … NOT!
The bad news is that our course at Black Hat Abu Dhabi is completely full. The good news is … they’ve given us a bigger room! So if you’ve been told the course is full, or if you haven’t registered yet, please do it quickly before it fills up again. Problems? Please contact us or mail training[at]sensepost[dot]com.