Training
BlackOps – Post Exploitation Fun and Games
Brilliant, the client has decided to implement their own CMS and you’ve found a variable that’s vulnerable to SQL injection. Starting up your favourite SQL exploitation tool, you upload a suitable web shell and fire up the browser. In an instant, you control that server, but do you really own the box?
Looking back at the major hacks of the last 18 months, attackers used a variety of techniques to obtain sensitive information. For the RSA hack, social engineering was used, allegedly consisting of a malicious Excel spreadsheet sent from a web master at a recruitment website. Once loaded, Poison Ivy was dropped on the host and the games began. Attackers started recon exercises, pivoting between hosts and finally exfiltrated the data (the rest is well-known and publicised). In the case of HBGary, attackers compromised their systems using a similar approach as the RSA attackers did: target an individual using social engineering using an earlier toehold to expand to a foothold. These types of attackers might have a fancy new name (Advanced Persistent Threats) but at the end of the day, they are using techniques that have been around for a while.
Black Hat Training Classes Update
Hey All,
We’re about locked and loaded down here in ZA – ready to tackle the looooong journey to Vegas for Black Hat. If you’re headed to Black Hat but haven’t yet booked training there’s still time, so I thought I’d push out a brief update on what’s still available from our stable of courses. As many of our courses have sold out we opened second classrooms and as a result have plenty of space to accommodate late comers!
BlackHat Challenge
This year marks a special anniversary for us at SensePost in that we’ve been training at BlackHat for over a decade now. To celebrate this, we thought we’d give away a free ticket to any of our courses on offer at this year’s BlackHat Briefings in Las Vegas.
With data breaches happening almost on a monthly basis these days, everyone is turning to encryption in order to protect their information. Bob, a rather tech-savvy gentleman, works for a FTSE 100 company and they’ve written their own secure message implementation. You’ve been tasked to perform a penetration test and noticed that after compromising their shared document server, an internal web application leaked the source code used by the company for the client and the server.
Hacking By Numbers – March 2012
Our next locally scheduled training sessions have been planned for March. If you’re interested in attending, the dates and locations are:
1) HBN Extended (Cadet Camp; Bootcamp) 6-9th March
The HBN ‘Extended Edition‘ is simply an intensive extended version of the regular Bootcamp course. Whilst the content and structure are essentially the same as Bootcamp, the Extended Edition offers students a deeper understanding of the concepts being presented and affords them more time to practice the techniques being taught. Extended Edition is currently offered in Switzerland and South Africa only, or can be arranged on request.
Press Release – London Hacking & Security Courses
School’s never out for the Pro!
We’re proud to announce that we are now offering our highly successful penetration testing training courses to the UK market from 2012.
SensePost has been providing penetration testing training courses to corporates and governments across the globe, and at prestige security events such as Black Hat and OWASP for over a decade. Initially, three courses in London for 2012 have been organised:
HBN Extended Edition (4 days) – 13-17, February 2012 HBN W^3 Edition (3 days) – 14-16 March 2012 HBN Unplugged (2 days) – 18-19 April 2012 The first course, HBN Extended Edition is set at an introductory level for technical people without experience in the world of hacking or penetration testing. It presents attendees with the background information, technical skill and basic concepts that are required to get started in this field.
Black Hat Abu Dhabi && Cadet Online Edition
Black Hat will host its second event in the Middle East in Abu Dhabi with a full contingent of selected Training and three tracks of Briefings over four days from December 12 to 15 December 2011.
We’re pleased to announce that SensePost will be back again this year with our exciting new Wifi hacking course – Hacking By Numbers, Unplugged Edition, launched for the 1st time in Las Vegas this year. This course is fresh and exciting and was an amazing success at Black Hat earlier this year. You can register directly on the Black Hat site, or contact us if you want more information.
SensePost @ 44Con – Join us!
Until recently, there was a distinct lack of decent, high-quality technical security conferences held in the United Kingdom. Home to the Global Financial Centre, London, there isn’t a shortage of industries who require secure applications and rely on secure infrastructure and applications to operate.
With this in mind, 44Con is the first combined information security conference and training event held in Central London. The con will provide business and technical tracks, aimed at government, public sector, financial, security professionals and Chief Security Officers.
SensePost Black Hat Course Summary & chosing the right courses
As we draw nearer to Black Hat Vegas we get a lot of requests from people who need help choosing between one of our courses or the other. In order to provide people with a single, consolidated summary of all the courses we’ll be offering this year I’ve put together a rough summary doc that outlines all the courses and attempts to illustrate how they fit together. Get it here:
Hacking By Numbers: W^3 Edition
Well, we’re ramping up with the new Hacking By Numbers W^3 edition course we will be presenting at BlackHat Vegas this year. This course is a replacement for the Web2.0 course we successfully presented over the past three years and sports a whole bunch of new and improved practicals. We’ve also upped the technology being used and the presentation is chock-full of ASCII sheep… :)
The new course is an intermediate web application hacking course, and will deal with the following topics
Hacking by Numbers: BlackOps Edition
The brand new BlackOps HBN course makes its debut in Vegas this year. The course finds its place as a natural follow on from Bootcamp, and prepares students for the more intense Combat edition. Where Bootcamp focuses on methodology and Combat focuses on thinking, BlackOps covers tools and techniques to brush up your skills.
This course is split into eight segments, covering scripting, targeting, compromise, privilege escalation, pivoting, exfiltration, client-side and and even a little exploit writing. BlackOps is different from our other courses in that it is pretty full of tricks, which are needed to move from the methodology of hacking to professional-level pentesting. It’s likely to put a little (more) hair on your chest.