Community

CSIR Cyber Games

The Council for Scientific and Industrial Research (CSIR) recently hosted the national Cyber Games Challenge as part of Cyber Security Awareness month. The challenge pitted teams of 4-5 members from different institutes against each other in a Capture the Flag style contest. In total there were seven teams, with two teams from Rhodes University, two from the University of Pretoria and three teams from the CSIR. The games were designed around an attack/defence scenario, where teams would be given identical infrastructure which they could then patch against vulnerabilities and at the same time identify possible attack vectors to use against rival teams. After the initial reconnaissance phase teams were expected to conduct a basic forensic investigation to find ‘flags’ hidden throughout their systems. These ‘flags’ were hidden in images, pcap files, alternative data streams and in plain sight.

Charity Drive – Antarctica Expedition

Like many businesses we at SensePost are aware of how fortunate we are and of the many around us who struggle to make ends meet day to day. We have a heart for our community and regularly supported charities and causes that touch us. In South Africa it’s not hard to find causes to support, but one that’s particularly close to my heart is the Little Lambs Christian Daycare in a township in Cape Town called ‘Imizamo Yethu’ (The People Have Gathered).

CREST South Africa? Let’s talk…

First, some background on CREST in the form of blatant plagiarism… CREST – The Council for Registered Ethical Security Testers – exists to serve the needs of a global information security marketplace that increasingly requires the services of a regulated and professional security testing capability. They provide globally recognised, up to date certifications for organisations and individuals providing penetration testing services. For organisations, CREST provides a provable validation of security testing methodologies and practices, aiding with client engagement and procurement processes, and proving that your company is committed to providing testing services to the highest standard.

ITWeb Security Summit 2012

This year, for the fourth time, myself and some others here at SensePost have worked together with the team from ITWeb in the planning of their annual Security Summit. A commercial conference is always (I suspect) a delicate balance between the different drivers from business, technology and ‘industry’, but this year’s event is definitely our best effort thus far. ITWeb has more than ever acknowledged the centrality of good, objective content and has worked closely with us as the Technical Committee and their various sponsors to strike the optimal balance. I don’t think we have it 100% right yet, and there are some improvements and initiatives that will unfortunately only manifest at next year’s event, but this year’s program (here and here) is nevertheless first class and comparable with almost anything else I’ve seen.

Hacking By Numbers – March 2012

Our next locally scheduled training sessions have been planned for March. If you’re interested in attending, the dates and locations are:

1) HBN Extended (Cadet Camp; Bootcamp) 6-9th March

The HBN ‘Extended Edition’ is simply an intensive extended version of the regular Bootcamp course. Whilst the content and structure are essentially the same as Bootcamp, the Extended Edition offers students a deeper understanding of the concepts being presented and affords them more time to practice the techniques being taught. Extended Edition is currently offered in Switzerland and South Africa only, or can be arranged on request.

Black Hat Abu Dhabi – Full … NOT!

The bad news is that our course at Black Hat Abu Dhabi is completely full. The good news is … they’ve given us a bigger room! So if you’ve been told the course is full, or if you haven’t registered yet, please do it quickly before it fills up again. Problems? Please contact us or mail training[at]sensepost[dot]com.

ITWeb Security Summit 2010 & Afterparty

The ITWeb Security Summit is coming up next week from the 11th to 13th of May. This is a conference we’re quite excited about, and have been involved in for the last few years, but most recently, we’ve been able to further our involvement beyond just speaking. For years I jealously watched as SensePost’ers would trundle all over the world shaking hands and drinking beer with the leet haxors of the world. Then a few years ago, the ITWeb Security Summit brought over Kevin Mitnick. I remember sitting in the audience awe’d not so much by what was said (sorry Kevin, I’m sure it was interesting) but at the fact a real celebrity hacker was meters from me. I still keep his lock-pick business card as a memento. Since then, the summit has gotten bigger and better. ITWeb previously brought out people like Bruce Schneier (who I think thought I was a stalker), David Litchfield, Johnny Long (he’s African now), Johnny Cache, Richard Stiennon, Roberto Preatoni and Phil Zimmermann (he video conf’ed in from his hospital bed after emergency heart surgery).

CANSA Shavathon 2010

This past Thursday we received notice that Boogterman & Partners would be a host company for the CANSA Shavathon 2010 taking place on Friday, 05/03/2010. So when I sent out an email to everyone at SensePost, little did I know at the time what a huge thing this would turn into. However I really shouldn’t be surprised as this is a typical show of how “We Roll”! I was challenged (as the only girl in the office) to shave my head for CANSA. Well what can I say, the guys really wanted to see me do this because the enthusiasm was amazing! However more importantly we raised R3000.00 for this worthy cause and I was also able to donate my hair (as it met the length criteria) to make a wig and a R100 also goes to CANSA when they sell it. CANSA Shavathon’s goal was to raise R10 million and it would seem they have raised over R19 million so far which is brilliant! Showing how supportive South Africans are in general to this worthy cause which makes me proud to be South African!

Wishlist for graduates

We were invited to speak at the recent ISSA2009 conference in Joburg, a local mostly academic security conference and I decided to carry a message in addition to the regular demo-style talk with which we try to entertain. By coincidence, Haroon also had his peer-reviewed talk on Apple Exploitation Defences accepted so there were two SensePosters talking to the tweed jackets. I figured the most important bit of the presentation should be mentioned first, so before we carry on I’d like to present our attacker:

Open Patch Management Survey

Rich Mogull (whose stuff I really quite dig) has launched an ‘Open Patch Management Survey’ via the SecurityMetrics blog. It’s an interesting idea, and they plan to release both their analysis *and* the raw data, which might be really insightful for our VMS stuff. Corporations can take the SurveyMonkey survey at http://www.surveymonkey.com/s.aspx?sm=SjehgbiAl3mR_2b1gauMibQw_3d_3d, and there’s some nice material already available at http://securosis.com/projectquant. Here’s the rest of Rich’s message (pls forgive the cross-post): Our goal here is to gain an understanding of what people are really doing with regards to patch management, to better align the metrics model with real practices. We’re doing something different with this survey. All the results will be made public. We don’t mean the summary results, but the raw data (minus any private or identifiable information that could reveal the source person or organization). Once we hit 100 responses we will release the data in spreadsheet formats. Then, either every week or for every 100 additional responses, we will release updated data. We don’t plan on closing this for quite some time, but as with most surveys we expect an initial rush of responses and want to get the data out there quickly. As with all our material, the results will be licensed under Creative Commons.