Conferences
CREST South Africa? Let’s talk…
First, some background on CREST in the form of blatant plagiarism… CREST – The Council for Registered Ethical Security Testers – exists to serve the needs of a global information security marketplace that increasingly requires the services of a regulated and professional security testing capability. They provide globally recognised, up to date certifications for organisations and individuals providing penetration testing services. For organisations, CREST provides a provable validation of security…
ITWeb Security Summit 2012
This year, for the fourth time, myself and some others here at SensePost have worked together with the team from ITWeb in the planning of their annual Security Summit. A commercial conference is always (I suspect) a delicate balance between the different drivers from business, technology and ‘industry’, but this year’s event is definitely our best effort thus far. ITWeb has more than ever acknowledged the centrality of good, objective…
Pentesting in the spotlight – a view
As 44Con 2012 starts to gain momentum (we’ll be there again this time around) I was perusing some of the talks from last year’s event… It was a great event with some great presentations, including (if I may say) our own Ian deVilliers’ *Security Application Proxy Pwnage*. Another presentation that caught my attention was Haroon Meer’s *Penetration Testing considered harmful today*. In this presentation Haroon outlines concerns he has with Penetration…
Mobile Security Summit 2011
This week, Charl van der Walt and I (Saurabh) spoke at Mobile Security Summit organized by IIR (http://www.iir.co.za/detail.php?e=2389). Charl was the keynote speaker and presented his insight on the impact of the adoption of mobile devices throughout Africa and the subsequent rise of security related risks. During his talk, he addressed the following: Understanding the need for mobile security to be taken seriously in Africa Analysing the broader implications for…
Metricon 2011 Summary
[I originally wrote this blog entry on the plane returning from BlackHat, Defcon & Metricon, but forgot to publish it. I think the content is still interesting, so, sorry for the late entry :)] I’ve just returned after a 31hr transit from our annual US trip. Vegas, training, Blackhat & Defcon were great, it was good to see friends we only get to see a few times a year, and make…
Black Hat Abu Dhabi && Cadet Online Edition
Black Hat will host its second event in the Middle East in Abu Dhabi with a full contingent of selected Training and three tracks of Briefings over four days from December 12 to 15 December 2011. We’re pleased to announce that SensePost will be back again this year with our exciting new Wifi hacking course – Hacking By Numbers, Unplugged Edition, launched for the 1st time in Las Vegas this…
Runtime analysis of Windows Phone 7 Applications
Runtime analysis is an integral part of most application security assessment processes. Many powerful tools have been developed to perform execution/data flow analysis and code debugging for desktop and server operating systems. Although a few dynamic analysis tools such as DroidBox are available for Android, I currently know of no similar public tools for the Windows Phone 7 platform. The main challenge for Windows Phone 7 is the lack of…
SensePost @ 44Con – Join us!
Until recently, there was a distinct lack of decent, high-quality technical security conferences held in the United Kingdom. Home to the Global Financial Centre, London, there isn’t a shortage of industries who require secure applications and rely on secure infrastructure and applications to operate. With this in mind, 44Con is the first combined information security conference and training event held in Central London. The con will provide business and technical tracks, aimed at…
SensePost Black Hat Course Summary & chosing the right courses
As we draw nearer to Black Hat Vegas we get a lot of requests from people who need help choosing between one of our courses or the other. In order to provide people with a single, consolidated summary of all the courses we’ll be offering this year I’ve put together a rough summary doc that outlines all the courses and attempts to illustrate how they fit together. Get it here:…
From the International Conference on Cyber Conflict
The text that follows is a short statement I prepared for the press ahead of my presentation at the ‘The International Conference on Cyber Conflict’ (http://www.ccdcoe.org/ICCC/) in Tallinn, Estonia. It felt like I had very mixed response, so I’d be interested to hear what others think… Any opinion can only be understood if you also understand its context. Therefore, in order to understand the thinking that follows, you also have…