Blackhat
Orange Cyberdefense at Hacker Summer Camp
It’s that time of year again where we head out to the desert, more specifically Las Vegas, for what is known as Hacker Summer Camp to attend Black Hat and DEF CON 31! Like previous years, the SensePost team will be present in full force delivering talks, training and hanging out at numerous occasions. For an idea on what we’ve got lined up, check out the rest of this blog post. If you’re keen to meet up, feel free to reach out!
blackhat_defcon_virtual_vegas_2021.zip
Phew! This year’s hacker summer camp is packed with presentations from several hackers across the globe at Orange Cyberdefense. I can’t possibly go into all of the many details, but hope to give a somewhat compressed view of the highlights!
This year we have a total of 10 representations. Four of those are DEF CON 29 talks, where two are main stage talks, one a demo labs talk and one a radio frequency village talk. On the training side of things, we’re delivering five courses at BlackHat USA 21, and one course at Ringzer0. I’ve been fortunate enough to see the behind the scenes preparation that goes into these and can’t wait for the world to see and experience them too!
Routopsy – Hacking Routing with Routers
This is a summary of our BlackHat USA 2020 talk.
Introduction On some of our engagements, Szymon and I found ourselves on various networks vulnerable to; insecure, misconfigured, and often overlooked networking protocols. These included dynamic routing protocols (referred to as DRP‘s) and first hop redundancy protocols (referred to as FHRP‘s). We decided to focus on these two classes of networking protocols to manipulate traffic flows and identify non-conventional ways of performing Person-in-the-Middle (PitM) attacks. This post details the results of that research and the tool we wrote to explore this attack surface. The tool is called Routopsy and is available on Github.
SensePost at BlackHat & Defcon 2017
July is our favourite time of year, when thousands descend into Las Vegas for Blackhat/Defcon, or more commonly referred to as ‘Hacker Summer Camp’. This year, our camp councillors have been working hard to bring you all our latest creations.
BlackHat Training We’re running our usual training at BlackHat, and as usual have been working hard to build new courses and update others. Here’s a list:
BLACK OPS HACKING FOR PENTESTERS – MASTER LEVEL PENTESTING ENTERPRISE INFRASTRUCTURE – JOURNEYMAN LEVEL SECDEVOPS: INJECTING SECURITY INTO DEVOPS (NEW) TACTICS, TECHNIQUES AND PROCEDURES FOR HACKERS We’re pretty excited about the new SecDevOps course, which reflects what we’ve learned about transitioning old-style project pentesting into an agile world.
Pentesting Enterprise Infrastructure – Journeyman Level
Sophisticated attacks aim to hide from endpoint solutions
Advanced hacking.
Expert approaches
We are inundated by advanced this, expert that, when it comes to hacking and hacking training. When a breach occurs, the media portray it as some epic hack that mere mortals would struggle to comprehend, when in reality it’s actually a run of the mill SQLi attack. Often it’s not advanced, but makes use of a series of vulnerabilities chained together, using Tactics, Techniques and Procedures (TTP) often used by attackers when owning networks.
Womens Training Scholarship
SensePost and BlackHat are proud to announce a new scholarship initiative for a woman in the information security field. The scholarship will include a ticket to Black Hat USA 2017 in Las Vegas, complimentary access to one of our training courses, airfare, and accommodation.
The scholarship will be awarded to a woman who demonstrates a strong desire to hone her InfoSec skills (more below).
How To Enter?
To enter, send us reasons as to why you believe *you* should attend one of our training courses and Blackhat USA. This could be in the form of an essay, examples of projects you are working on, stuff you’ve built or building or generally anything you think supports your claim for a place.
What to look for in a training provider
In the last few years, the infosec training scene has exploded. Arguably, the largest training provider is Blackhat, and in the last 15 years we’ve seen it grow from a handful of courses to 106 at the last BlackHat USA. With many courses purportedly offering the same or similar content, it’s getting harder to choose as a student.
This blog entry will cover some of the stuff we think makes our courses pretty great, and why we’re so proud of them. It may also help you to evaluate whether our courses are what you’re looking for at at least how to spot the better courses (not just ours) in a list of 100+.
The Basics
It’s our belief that if you have a deep passion for the work you do, then not only will you work hard to be great at it, you’ll also enjoy sharing that passion by teaching others. It’s held true for us for many years, and we make a point of putting our best analysts, rather than specialised trainers, to run our courses.
SensePost at Blackhat & Defcon 2016
The annual Hacker Summer Camp is nearly upon us, everyone at SensePost is getting ready. This is a brief overview of what we’ll be doing. The tl;dr is: BlackHat Training, BlackHat Arsenal x2, Defcon talk & Stickers :)
BlackHat Training We’re back at BlackHat for our 15th year of training with a selection of courses ranging from introductory courses for beginners through to hardcore courses for experts.
Basic Tools & Techniques for Hackers – Beginner Level Mobile Application Bootcamp – Journeyman Level Web Application Bootcamp – Journeyman Level Black Ops Hacking for Pentesters – Master Level Threat Intelligence using Maltego This one isn’t ours, but our good friends and business partners, Paterva :) BlackHat Arsenal We were fortunate enough to have two tools accepted for BlackHat Arsenal this year. We think building open source tools for the hacker community is an important part of how we roll, and we appreciate ToolsWatch and the NETpeas crews efforts with arsenal.
PwnBank en route to Vegas
Everyone has a mobile phone (ok some have two) and the wealth of information people put into them is staggering. This single platform gives attackers an incredibly large attack surface area to target, so it’s no surprise we *love* owning mobile devices.
With this in mind, the countdown to Blackhat USA has begun and we will be launching our latest iteration of the Mobile hacking course to the eager and thirsty minds that find themselves at the sensory circus that is Las Vegas!
Where SensePost meets the real world
SensePost Training at Blackhat USA
What is SensePost infrastructure training about and what does it give you as a novice pentester? What does it give you as a pentester looking to move into infrastructure hacking? Training at SensePost focuses on learning the Trade and not just the trick, thus our focus is on your testing methodology rather than simply showing you some cool tools. And what is this methodology you may ask, well it is one that aims to emulate real-world scenarios and push you into doing the attacks that are actively happening.
Page 1 of 5
Next