2011
Press Release – London Hacking & Security Courses
School’s never out for the Pro!
We’re proud to announce that we are now offering our highly successful penetration testing training courses to the UK market from 2012.
SensePost has been providing penetration testing training courses to corporates and governments across the globe, and at prestige security events such as Black Hat and OWASP for over a decade. Initially, three courses in London for 2012 have been organised:
HBN Extended Edition (4 days) – 13-17, February 2012 HBN W^3 Edition (3 days) – 14-16 March 2012 HBN Unplugged (2 days) – 18-19 April 2012 The first course, HBN Extended Edition is set at an introductory level for technical people without experience in the world of hacking or penetration testing. It presents attendees with the background information, technical skill and basic concepts that are required to get started in this field.
Competition winner announced
On Saturday Dec 3, at BSides Cape Town we announced the winner of a prize for local information security research. The purpose of the competition was twofold. Firstly, to highlight interesting research produced in .za for the purpose of publicising up ‘n coming security folks, since there are a few disparate communities (academic / industry is the greatest split). Secondly, to provide some degree of reward in the form of a cash prize. The prize is (unsurprisingly) not meant to compensate for time spent, but rather to give the typical researcher who conducts the work in their spare time some recognition and perhaps a cool gadget to associate with the work.
R5000 ZA research prize to be presented at B-Sides Cape Town, nominations sought
SensePost is proud to announce a competition to identify the best information security research published by a resident of South Africa in 2011 (Jan 1st to Dec 3rd). Much security research is unfunded and private but, when published, enters the toolsets and minds of security companies worldwide. South Africa’s security industry is best-described as “fledgling”, and we want to support researchers who produce quality research.
Heads up: even if you’re not a researcher, you can still win by nominating work, so continue reading.
Mobile Security Summit 2011
This week, Charl van der Walt and I (Saurabh) spoke at Mobile Security Summit organized by IIR (http://www.iir.co.za/detail.php?e=2389).
Charl was the keynote speaker and presented his insight on the impact of the adoption of mobile devices throughout Africa and the subsequent rise of security related risks. During his talk, he addressed the following:
Understanding the need for mobile security to be taken seriously in Africa Analysing the broader implications for the user and the company The types of attacks occurring against mobile devices What does the future of mobile security look like and what are the potential threats to users? Understanding the particular threats posed by smartphones and other portable devices, e.g. tablets The presentation can be accessed via link below:
Squinting at Security Drivers and Perspective-based Biases
While doing some thinking on threat modelling I started examining what the usual drivers of security spend and controls are in an organisation. I’ve spent some time on multiple fronts, security management (been audited, had CIOs push for priorities), security auditing (followed workpapers and audit plans), pentesting (broke in however we could) and security consulting (tried to help people fix stuff) and even dabbled with trying to sell some security hardware. This has given me some insight (or at least an opinion) into how people have tried to justify security budgets, changes, and findings or how I tried to. This is a write up of what I believe these to be (caveat: this is my opinion). This is certainly not universalisable, i.e. it’s possible to find unbiased highly experienced people, but they will still have to fight the tendencies their position puts on them. What I’d want you to take away from this is that we need to move away from using these drivers in isolation, and towards more holistic risk management techniques, of which I feel threat modelling is one (although this entry isn’t about threat modelling).
Metricon 2011 Summary
[I originally wrote this blog entry on the plane returning from BlackHat, Defcon & Metricon, but forgot to publish it. I think the content is still interesting, so, sorry for the late entry :)]
I’ve just returned after a 31hr transit from our annual US trip. Vegas, training, Blackhat & Defcon were great, it was good to see friends we only get to see a few times a year, and make new ones. But on the same trip, the event I most enjoyed was Metricon. It’s a workshop held at the Usenix security conference in San Francisco, run by a group of volunteers from the security metrics mailing list and originally sparked by Andrew Jacquith’s seminal book Security Metrics.
Decrypting iPhone Apps
This blog post steps through how to convert encrypted iPhone application bundles into plaintext application bundles that are easier to analyse.
Requirements:
1) Jailbroken iPhone with OpenSSH, gdb plus other utilities (com.ericasadun.utilities etc. etc.)
2) An iPhone app
3) On your machine:
otool (comes with iPhone SDK) Hex editor (0xED, HexWorkshop etc.) Ida – Version 5.2 through 5.6 supports remote debugging of iPhone applications (iphone_server). For this article, I will use the app name as “blah”.
Be Inspired
Talented Innovative Quality driven Forward thinking Trusted advisors And …simply good fun! These are all phrases associated with SensePost. Do you think you have what it takes to become part of our expanding GLOBAL team?
We are looking for more security assessment consultants to join us in the UK and South Africa. Security assessments are what we live and breathe – whether it’s foot-printing and obtaining enterprise domain admin rights on production networks, training hundreds at conferences around the world, to reverse-engineering mobile applications and producing cutting-edge security applications.
Press Release – Jane Frankland joins SensePost
The SensePost marketing division, a highly skilled team of ruthless spin-doctors, is proud to announce that they have written … a press release. Indeed, this team of fawners, flunkeys, lackeys and puffers has been slaving since early 2009 to come up with the pristine example of literary art you will read below. If you’re intimidated by what I’ve just said, harbour a fanatical dislike for marketing folks or simply don’t read so good, then here’s the short version:
Black Hat Abu Dhabi && Cadet Online Edition
Black Hat will host its second event in the Middle East in Abu Dhabi with a full contingent of selected Training and three tracks of Briefings over four days from December 12 to 15 December 2011.
We’re pleased to announce that SensePost will be back again this year with our exciting new Wifi hacking course – Hacking By Numbers, Unplugged Edition, launched for the 1st time in Las Vegas this year. This course is fresh and exciting and was an amazing success at Black Hat earlier this year. You can register directly on the Black Hat site, or contact us if you want more information.
Page 1 of 4
Next