Grey bar Blue bar
Share this:

Tue, 22 Feb 2011

BlackHat Barcelona Training

Hola amigos,

We will be running our elite "Combat Training" at the BlackHat Briefings in Barcelona this March (talk lineup) and this course is the flagship of our established Hacking by Numbers series. From the first hour to the final minutes students are placed in different attacker scenarios as they race the clock to "capture the flag". The trainers are highly skilled (as well as having the standard Southern African humour, looks, and charm) and the course is full of new hacks.

I was involved in the training last year, and I'd highly recommend you come along. The BlackHat vibe was fantastic, the people were great, and the city was bustling. So, if you're interested in sharpening your skills, and would like to do so in a great environment, click here to sign up for Combat Training.

Other than the course, I'd recommend you see the sights while you're there. I thoroughly enjoyed my time in Barcelona last year. After the civil war the Catalan identity exploded and it's a nice alternative to the traditional Spanish culture. Whether it's visiting the last cathedral in the world still under construction, or wandering the Montjuïc hill with breathtaking views, or relaxing by the amazing beaches, Barcelona is a wonderful destination. Also, if you're lucky, you could catch a game by the best football team in the world.

So, to summarize:

What? Hacking by Numbers, Combat Edition Where? BlackHat Briefings, Barcelona, Spain When? March 15-16 Can I still signup? Yes

Adiós, Glenn

Thu, 17 Feb 2011

The Yeti is here

After several months of dedicated ... uh dedication, our new network footprinting tool is being made available to the masses.

It's called Yeti and it is a cross-platform, Java application. It's predecessor, BidiBlah, was only available on Windows platforms and hopefully with Yeti we can now offer Internet intelligence gathering to everyone.

So what does Yeti do:

  • Top level domain expansion (tld expand)
  • Forward lookups (mx,ns,a,cname and zone transfers)
  • Reverse lookups (ptr records)
  • Cert Extraction (getting the common name, and domain from ssl certificates)
  • Bing IP/Site searches
  • Report exports to xls format
We invite you all to visit the Yeti community blog and to participate in either testing the tool or just to add comments. Usage instructions can be found on the spyeti blogspot.

In particular we would like to point you to a recent post where we explain our reasoning for continued investment in developing and maintaining footprinting technology.

With the blog, we would like to muster up more of a community feel to our software, and create movement in the footprinting field. Recent successes in the field of Internet intelligence is compelling evidence that this field is untapped.

Yeti is released as Freeware without access to the source.

The plan is to in future maintain both a community freeware edition and a commercial edition.

Wed, 9 Feb 2011

Training - lots of stuff(c)

Hey. Charl here. Lots of stuff is happening on the training front right now (ed: right now!), and I wanted to make sure everyone is aware of it.

1. New schedule published

At the start of the year we always try publish a schedule of when and where our various training courses are happening. Of course it changes a bit as the year progresses, but its a pretty good overview of where you need to be if you want to participate in one of the courses. The current 2011 schedule can be found here.

2. Early registration discount extended

If you're thinking of participating in the Extended Edition course happening in Pretoria in March, you've missed the early registration discount cut-off. But there's good news! We're extending the early-bird registration deadline by one more week until Friday February 18th. So register now to enjoy discounted rates.

3. New course - "Building Security In" - with ThinkSmart

In partnership with SensePost, ThinkSmart's "Building security in" training course is a one-day, detailed review of the practice of building secure applications, from the governance drivers for application security to practical examples of how to defend against common vulnerabilities. We're pleased to be offering this course, in series with our own "Developer Edition", the next time we run it in July.

4. Hacking By Numbers "Combat Edition" - Barcelona - Now Open

As if you needed an excuse to visit Barcelona, we're pleased to announce that we'll be running our acclaimed "Combat Edition" at the Black Hat Briefings there on March 15-16. This course is the flagship course of the established Hacking by Numbers series. From the first hour to the final minutes students are placed in different attacker scenarios as they race the clock to "capture the flag". In the SensePost tradition, the solutions lie much more in technique and an out-of-box thought process than in the use of scripts or tools. Each exercise is designed to teach a specific lesson and will be discussed in detail after it is completed. In this way you learn from your instructors, your colleagues and your own successes and failures. Our trainers travel a long way to get to Barcelona, they're very charming and good looking, the course is full of sexy new hacks, and we'd really appreciate your support. To be a part of it register here.