Our Blog

A closer look into the RSA SecurID software token

Widespread use of smartphones by employees to perform work-related activities has introduced the idea of using these devices as an authentication token. As an example of such attempts, RSA SecurID software tokens are available for iPhone, Nokia and the Windows platforms. Obviously, mobile phones would not be able to provide the level of tamper-resistance that hardware tokens would, but I was interested to know how easy/hard it could…

CREST South Africa? Let’s talk…

First, some background on CREST in the form of blatant plagiarism… CREST – The Council for Registered Ethical Security Testers – exists to serve the needs of a global information security marketplace that increasingly requires the services of a regulated and professional security testing capability. They provide globally recognised, up to date certifications for organisations and individuals providing penetration testing services. For organisations, CREST provides a provable validation of security…

ITWeb Security Summit 2012

This year, for the fourth time, myself and some others here at SensePost have worked together with the team from ITWeb in the planning of their annual Security Summit. A commercial conference is always (I suspect) a delicate balance between the different drivers from business, technology and ‘industry’, but this year’s event is definitely our best effort thus far. ITWeb has more than ever acknowledged the centrality of good, objective…

Pentesting in the spotlight – a view

As 44Con 2012 starts to gain momentum (we’ll be there again this time around) I was perusing some of the talks from last year’s event… It was a great event with some great presentations, including (if I may say) our own Ian deVilliers’ *Security Application Proxy Pwnage*. Another presentation that caught my attention was Haroon Meer’s *Penetration Testing considered harmful today*. In this presentation Haroon outlines concerns he has with Penetration…

Pfortner calls on SensePost expertise to validate their security posture

Pretoria, South Africa — SensePost, a leader in penetration testing and information security services, announced today that Pfortner had called on their expertise to validate their encryption services in South Africa. With the financial services sector in South Africa being deeply competitive, Pfortner needed to provide a high level of assurance for their clients as to the security of their encryption service. As a standard requirement Pfortner clients have to be…

Foot printing – Finding your target…

We were asked to contribute an article to PenTest magazine, and chose to write up an introductory how-to on footprinting. We’ve republished it here for those interested. Network footprinting is, perhaps, the first active step in the reconnaissance phase of an external network security engagement. This phase is often highly automated with little human interaction as the techniques appear, at first glance, to be easily applied in a general…

Mobile Security – Observations from the developing world

By the year 2015 sub-Saharan Africa will have more people with mobile network access than with access to electricity at home. This remarkable fact from a 2011 MobileMonday report came to mind again as I read an article just yesterday about the introduction of Mobile Money in the UK: By the start of next year, every bank customer in the country may have the ability to transfer cash between bank…

Hacking By Numbers – March 2012

Our next locally scheduled training sessions have been planned for March. If you’re interested in attending, the dates and locations are: 1) HBN Extended (Cadet Camp; Bootcamp), 6-9th March. The HBN ‘Extended Edition’ is simply an intensive extended version of the regular Bootcamp course. Whilst the content and structure are essentially the same as Bootcamp, the Extended Edition offers students a deeper understanding of the concepts being presented and affords…

Press Release – London Hacking & Security Courses

School’s never out for the Pro! We’re proud to announce that we are now offering our highly successful penetration testing training courses to the UK market from 2012. SensePost has been providing penetration testing training courses to corporates and governments across the globe, and at prestige security events such as Black Hat and OWASP for over a decade. Initially, three courses in London for 2012 have been organised: HBN Extended…

Competition winner announced

On Saturday Dec 3, at BSides Cape Town we announced the winner of a prize for local information security research. The purpose of the competition was twofold. Firstly, to highlight interesting research produced in .za for the purpose of publicising up ‘n coming security folks, since there are a few disparate communities (academic / industry is the greatest split). Secondly, to provide some degree of reward in the form of…