Hey everyone. We will once again be presenting our BootCamp training course at the BlackHat Europe Conference. It seems this is a quiet year in terms of training sessions so I guess everyone is starting to feel the pinch of the present economic climate. Nevertheless we have committed to being in Barcelona so we’re going for it anyway. It will be the first time we are training in Spain, which…
is currently on in Berlin. As usual [it] looks like a blast, and as usual, the media [is online] before the speaker shuts down his presentation machine. SensePosters can grab a local copy of the EN-vids [here] /mh
ZaCon came and went, “and a fun time was had by all!” The first run was a semi-cosy affair held at the University of Johannesburg, with 16 speakers holding the crowd from 08h00 till 18h00. ZaCon had many SensePost faces, but is not expressly an SP initiative. It’s a community-based con aimed at growing the next gen of South African hax0rs. My brief ~12 minute intro, “Why Zacon”, explains…
Our DC-17 video (of the “Clobbering the Cloud” talk) is now available on the new-look DefCon download site: [here] All of the other DC17 videos can be found [here] (if you are a SensePoster, you can grab them with descriptions from [here])
The “Fasm conference is an informal meeting of coders interested in x86 assembly programming.” Some of the videos can be grabbed [sp_local|Other] /mh
09 August 2009
~3 min
By marco
[part 5 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] The final installment of our BlackHat video series showcases weaknesses in the password reset feature of Apple’s MobileMe service and publicizes an XSS vulnerability in the application. At first glance the choice of MobileMe may seem arbitrary, but it was useful for a number of reasons. MobileMe is one of the more…
08 August 2009
~6 min
By marco
[part 4 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] In the fourth installment of our BlackHat video series, we turned our attention to Amazon’s cloud platform and focused on their Elastic Compute Cloud (EC2) service specifically. Theft of resources is the red-headed step-child of attack classes and doesn’t get much attention, but on cloud platforms where resources are shared amongst many users these…
08 August 2009
~5 min
By marco
[part 3 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Our third video write-up covers abuse of cloud services. By signing up for free accounts, it is possible to gain access to small amounts of free resources, specifically processing time and bandwidth. However these resources are tightly controlled to maintain fairness across the many thousands of users who share the same platform. We aim…
06 August 2009
~2 min
By marco
[part 2 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] The premise behind this video was that while we are migrating more and more services into the cloud, the front-end through which the services are accessed as well as managed is (in many cases) a web application and we still have not figured out how to write secure web applications reliably. The implication is…
06 August 2009
~4 min
By marco
[part 1 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] We wanted to demonstrate how access to cloud resources can bring certain attack classes within reach of regular users. Instead of focusing on brute-forcing regular user credentials such as usernames and passwords, we decided to look at less noisy options since failed logins would typically be a closely watched metric. To this end, different…