Hackathons are used by many tech companies to give their employees breathing space to work on new ideas. Google and Facebook are big fans and Facebook's Like button was conceived as part of a hackathon. Getting everyone together at the same time was no mean feat, the term 'herding cats' springs to mind but on the week of 12th of November, all SensePost'rs were in our new offices and ready to break, build and develop.
Prior to the event, we asked everyone to think about what they wanted to work on. As mentioned above, there was no specific guideline as to what anyone could come up with, as you can't force creativity. After a brainstorming session, the following ideas were given and solutions made during the hackathon period*:
1. SensePost World App
A mobile application (multi-platform) that will streamline the process of receipts, expenses, travel requests, holiday leave etc.
2. SensePost IRC Bot
A IRC bot that will offer:
An application that allows us to utilise SMS from a company-wide perspective, including:
4. Magstripe Hacking
Having moved into our new fancy offices, we decided to look at the current implementation of magstripe used to work out if we could read the data, clone the data and create free parking for us (at the same time, potentially looking for flaws in the magstripe implementation). The magstripes on the parking tickets were very unsual. Between the reader in the office, and Andrew Mohawk's more advanced ones, we could not get a consistent read. It is possible that the cards use an unusual arrangement of tracks. Typically there are 3 horizontal tracks at predefined heights. If the tracks are at unusual heights we may have been getting interference between said tracks. Andrew has tried to dissect one of the cards, but no luck yet.
Watch this space. 5. AV VirusTotal Project
Rather than submitting our payloads to VirusTotal (who then inform the vendors), we will create our own version that uses all vendors, to determine if our custom payloads could be detected.
6. SensePost Green Project
A project to make our business greener in approach and ideas. How responsibly were we using resources? What was our consumption of electricity and water like and could it be made better?
With teams created and everyone clear on what they had to do, 48-hours were given to create the above ideas. Food, drink, hardware and toys were provided. Vlad brought some amazing Russian Vodka and energy drinks were supplied.
The cool thing about the hackathon was that some of the top ideas came from traditionally non-technical people, such as our finance wizard who came up with the idea of the SensePost world app. This was the outcome that we wanted: to prove that you don't need to be a heavy tech-orientated person to come up with meaningful projects or ideas.
Overall the 2012 Hackathon was a brilliant time had. Some amazing ideas have come to light, ones that will see us pushing offensive approaches and also ones that will have an impact on the way we work at SensePost.
For those thinking about running an internal hackathon, I'd say go for it. Giving people the space to work on ideas with likeminded colleagues will only bring benefits.
*There were other projects, but they won't see the light of day as of yet, so will remain confidential until the time is right.
We will be running our elite "Combat Training" at the BlackHat Briefings in Barcelona this March (talk lineup) and this course is the flagship of our established Hacking by Numbers series. From the first hour to the final minutes students are placed in different attacker scenarios as they race the clock to "capture the flag". The trainers are highly skilled (as well as having the standard Southern African humour, looks, and charm) and the course is full of new hacks.
I was involved in the training last year, and I'd highly recommend you come along. The BlackHat vibe was fantastic, the people were great, and the city was bustling. So, if you're interested in sharpening your skills, and would like to do so in a great environment, click here to sign up for Combat Training.
Other than the course, I'd recommend you see the sights while you're there. I thoroughly enjoyed my time in Barcelona last year. After the civil war the Catalan identity exploded and it's a nice alternative to the traditional Spanish culture. Whether it's visiting the last cathedral in the world still under construction, or wandering the Montjuïc hill with breathtaking views, or relaxing by the amazing beaches, Barcelona is a wonderful destination. Also, if you're lucky, you could catch a game by the best football team in the world.
So, to summarize:
What? Hacking by Numbers, Combat Edition Where? BlackHat Briefings, Barcelona, Spain When? March 15-16 Can I still signup? Yes
Hey. Charl here. Lots of stuff is happening on the training front right now (ed: right now!), and I wanted to make sure everyone is aware of it.
At the start of the year we always try publish a schedule of when and where our various training courses are happening. Of course it changes a bit as the year progresses, but its a pretty good overview of where you need to be if you want to participate in one of the courses. The current 2011 schedule can be found here.
2. Early registration discount extended
If you're thinking of participating in the Extended Edition course happening in Pretoria in March, you've missed the early registration discount cut-off. But there's good news! We're extending the early-bird registration deadline by one more week until Friday February 18th. So register now to enjoy discounted rates.
3. New course - "Building Security In" - with ThinkSmart
In partnership with SensePost, ThinkSmart's "Building security in" training course is a one-day, detailed review of the practice of building secure applications, from the governance drivers for application security to practical examples of how to defend against common vulnerabilities. We're pleased to be offering this course, in series with our own "Developer Edition", the next time we run it in July.
4. Hacking By Numbers "Combat Edition" - Barcelona - Now Open
After hearing our talk was accepted at BlackHat, we're happy to announce that our training will be back for it's 9th straight run. Speaking of a run, we're going to be hosting the usual marathon of courses: cadet, bootcamp, combat, web 2.0. But, while the names remain, we've spent some time updating the material. In particular, bootcamp, combat & web 2.0 have been through the ringer. We're hoping to get some detailed info on the updates out in the coming weeks.
In a cheap marketing ploy to introduce our new twitter account and remind people of our training, we're running one of those retweet competition things on twitter. In short, retweet this tweet, and if you're going to BH Vegas this year, you could win free attendance to one of our courses of your choice. That's worth about $2 700 at regular prices. Cheap marketing tricks for us == expensive training for you. We won't force you to tweet about how good looking we are (we are very good looking), or ask you for you password.
I wanted to remind folk that the CFP for the ITWeb Security Summit closes on 26 Jan 2009. You can check it out at http://www.itweb.co.za/events/securitysummit/2009/. Local (ZA) should please make themselves heard, but the organizers are also sponsoring travel for international speakers so if you ever wanted to visit the gool ol' RS of A (that's in Africa) then here's your chance....