Today was our 13th birthday. In Internet years, that's a long time. Depending on your outlook, we're either almost a pensioner or just started our troublesome teens. We'd like to think it's somewhere in the middle. The Internet has changed lots from when SensePost was first started on the 14th February 2000. Our first year saw the infamous ILOVEYOU worm wreak havoc across the net, and we learned some, lessons on vulnerability disclosure, a year later we moved on to papers about "SQL insertion" and advanced trojans. And the research continues today.
We've published a few tools along the way, presented some (we think) cool ideas and were lucky enough to have spent the past decade training thousands of people in the art of hacking. Most importantly, we made some great friends in this community of ours. It has been a cool adventure, and indeed still very much is, for everyone who's has the pleasure of calling themselves a Plak'er. Ex-plakkers have gone on to do more great things and branch out into new spaces. Current Plakkers are still doing cool things too!
But reminiscing isn't complete without some pictures to remind you just how much hair some people had, and just how little some people's work habit's have changed. Not to mention the now questionable fashion.
Fast forward thirteen years, the offices are fancier and the plakkers have become easier on the eye, but the hacking is still as sweet.
As we move into our teenage years (or statesman ship depending on your view), we aren't standing still or slowing down. The team has grown; we now have ten different nationalities in the team, are capable of having a conversation in over 15 languages, and have developed incredible foos ball skills.
This week, we marked another special occasion for us at SensePost: the opening of our first London office in the trendy Hackney area (it has "hack" in it, and is down the road from Google, fancy eh?). We've been operating in the UK for some time, but decided to put down some roots with our growing clan this side of the pond.
And we still love our clients, they made us who we are, and still do. Last month alone, the team was in eight different countries doing what they do best.
But with all the change we are still the same SensePost at heart. Thank you for reminiscing with us on our birthday. Here's to another thirteen years of hacking stuff, having fun and making friends.
In South Africa its not hard to find causes to support, but one that's particularly close to my heart is the Little Lambs Christian Daycare in a township in Cape Town called 'Imizamo Yethu' (The People Have Gathered).
The Little Lambs Daycare provides Early Childhood Development services and care to the poor in the community of Imizamo Yethu. The daycare operates 5 days per week and 12 Staff members — also from the community — cater and provide a safe learning space for 200 children aged 1 to 6 while their parents can seek work in the nearby town. I've been involved with the daycare for many years now and so I use every opportunity to raise awareness and support for the important work its doing. One way to do that is through a hobby ... endurance running.
Over the last 4 years I've run across the hottest, driest and harshest deserts in the world, over 250km at a time and completely self-supported, as a competitor in the 4 Deserts rough-country endurance footrace series. A unique collection of world-class events that take place over 7 days and 250 kilometers in the largest and most forbidding deserts on the planet. In line with the competition's ethos I've tried to use the interest the races generate to help raise awareness and support for Little Lambs.
This year I face my greatest challenge - a 6 day, 250km self-supported foot race in Antartica. Sixty individuals representing nearly thirty countries are expected to compete in over terrain that will be largely snow (from a few centimeters to a meter deep) with temperatutes as low as -20 °C.
I'm hoping to raise R 200 (about $ 20) for every kilometer I run - raising R 50,000 in total for this beautiful and important project.
I can't vouch for the security of the donations site. But if you're not comfortable to leave your CC details in there, please contact me and I'll give you details for a direct transfer. Please don't hack them though ... that's not what Jonny meant with 'I Hack Charities'.
Here are all the links:
1. Little Lambs - http://www.littlelambs.org.za/
2. The 'Help Lambs Run' Facebook page, where I post news and updates - http://www.facebook.com/HelpLambsRun
3. Racing the Planet - http://www.4deserts.com/thelastdesert/
4. Donations site (for donating, not hacking) - http://www.doit4charity.org.za/fundraising/Charl.van.der.Walt
Shane Kemp, Daniel Cuthbert and Dominic White will be promoted to Global Sales Manager, Chief Operations Officer and Chief Technology Officer respectivley and will join SensePost's senior leadership structures, effective 01 October 2012.
The three new c-levels, along with a number of other emergent leaders, will be commencing a training and development program spanning a number of months as they gradually assume their new responsibilities.
These appointments follow on recent promotion of Yvette du Toit to Business Development Manager for the Africa region, Rogan Dawes as Assessments Manager as well as Behrang Fouladi and Ian de Villiers to our recently established Research Division (more on that to come).
We have a vision to build a dynamic global business that will impact our clients and the community in general in a lasting and meaningful way. To achieve that we need to attract the best people in the game and give them every opportunity to develop, to achieve and ultimately to make their mark on our business and our industry. These appointments will not only stretch and challenge these three guys and their teams, it will also optimally position SensePost to leverage of its current position of strength to redefine itself, innovate and grow.We were looking for a new generation of leaders who not only had the required skill and experience, but who also represented our company's core values of honesty and integrity combined with technical excellence and passion a for information security. We believe that in this team we have that. We expect that over time the new leaders will bring their own unique style to the way SensePost is run, but we're confident that the technical, business and ethical values that have characterized us as a company over the last 13 years will remain intact.
We're proud of them all and wish them the best of luck!
We're about locked and loaded down here in ZA - ready to tackle the looooong journey to Vegas for Black Hat. If you're headed to Black Hat but haven't yet booked training there's still time, so I thought I'd push out a brief update on what's still available from our stable of courses. As many of our courses have sold out we opened second classrooms and as a result have plenty of space to accommodate late comers!
Here's the deal:
1. "Cadet" is our intro course. We only offer it on the weekend (21st & 22nd) but its really popular so we've opened a 2nd classroom. Plenty of space available, so sign up!
2. "Bootcamp" is our novice course. We've opened up additional classrooms also, so we can accommodate at least 9 more people.
3. Our "Unplugged" Wifi course is sold out and we simply can't take any more people there unfortunately.
4. "BlackOps" is our post-exploitation course. It has sold really well this year, but we do still have a handful of seats available if you hurry.
5. "W^3" is our web hacking course. It only runs during the week (23rd & 24th) but we have a a nice spacious classroom so there are still plenty of seats available. Classic web hacking goodness.
6. "Combat" is our advanced CTF based training lab. It is an amazing course if you're already an experienced pentester. We keep the classroom sizes small, but we could possibly accommodate another 5 people on the weekend and maybe 10 people during the week.
If you need help selecting the right course, or getting registered, please contact us via training[at]sensepost[dot]com.
If you're based outside the US and won't be making Vegas this year, there's still hope! Check out these two other events where we'll be offering courses:
We're proud to announce that we are now offering our highly successful penetration testing training courses to the UK market from 2012.
SensePost has been providing penetration testing training courses to corporates and governments across the globe, and at prestige security events such as Black Hat and OWASP for over a decade. Initially, three courses in London for 2012 have been organised:
- HBN Extended Edition (4 days) — 13-17, February 2012
- HBN W^3 Edition (3 days) — 14-16 March 2012
- HBN Unplugged (2 days) — 18-19 April 2012
The second course, HBN W^3 Edition, is a highly practical, intermediate web application hacking course for those with some experience in security assessment and penetration testing. The course provides a refresher of HTTP and associated technologies before commencing with more advanced level attacks ranging from assessment techniques of traditional web applications, to newer technologies such as AJAX, rich client media and HTML 5.
Finally, the third course, HBN Unplugged Edition, is an entry-level wireless/ wi-fi security training course. With a strong focus on results, the course outlines three broad offensive scenarios for wi-fi hacking and then presents students with the background knowledge, methodologies, tools and thinking skills required to successfully breach security in each of those scenarios.
All the courses are suitable for those responsible for penetration testing and security assessments including Information Security Officers, System and Network Administrators, Security Consultants and Government agents.
We've been running these courses successfully for years, and in response to the high demand from our UK clients, who are increasingly looking to improve their in-house skills and capabilities in penetration testing we are now offering them in the UK. With so few companies delivering effective security courses for those responsible for penetration testing and security assessments we knew there was a gap in the marketplace plus a real need.