
Tue, 6 Dec 2011

Competition winner announced

On Saturday Dec 3, at BSides Cape Town we announced the winner of a prize for local information security research. The purpose of the competition was twofold. Firstly, to highlight interesting research produced in .za for the purpose of publicising up 'n coming security folks, since there are a few disparate communities (academic / industry is the greatest split). Secondly, to provide some degree of reward in the form of a cash prize. The prize is (unsurprisingly) not meant to compensate for time spent, but rather to give the typical researcher who conducts the work in their spare time some recognition and perhaps a cool gadget to associate with the work.

The competition was a little disappointing for a single, but significant, reason: the lack of nominations. In all, six people nominated three pieces of work from two researchers. Considering there were four security conferences this year in South Africa, it's not possible that even a reasonable minority of the research produced was considered for the prize. This was a no-strings-attached cash prize; there is no handover of IP or copyright, and no requirements on the winner (though we do offer an interview on our blog to publicise their work, should they choose to). With this in mind, it's strange how few nominations were received; for example, while the competition received some coverage on Twitter, very few nominations originated from there. The timing was tight (competition announced two weeks prior to BSides), but that only accounts for a smaller circumference, not a lack of involvement.

The two nominees were:

Given the small number of nominations, the panel was composed of three SensePost'ers, Dominic, Ian and myself.

The! winner! of! the! R5000! prize! was! Etienne! Stalmans!

In addition, a finder's fee of R500 was offered to the person who nominated the winning entry. Etienne received two nominations, and so a coin was flipped to determine who got the fee; Samuel Hunter was the winner.

Thanks to Pieter for organising BSides Cape Town and providing us a spot to announce the winners, and thanks to everyone who sent in a nomination. Compliments to both nominees for having their work recognised by others in the community, and congratulations to Etienne for winning the prize.

We remain committed to research and the sponsorship concept, so expect an announcement towards the end of next year and keep an eye open during the year for research that strikes you as interesting.

Tue, 18 Oct 2011

Be Inspired

  • Talented
  • Innovative
  • Quality driven
  • Forward thinking
  • Trusted advisors
  • And …simply good fun!
These are all phrases associated with SensePost. Do you think you have what it takes to become part of our expanding GLOBAL team?

We are looking for more security assessment consultants to join us in the UK and South Africa. Security assessments are what we live and breathe: from foot-printing and obtaining enterprise domain admin rights on production networks, to training hundreds at conferences around the world, to reverse-engineering mobile applications and producing cutting-edge security applications.

For over a decade we have helped companies understand their information security liabilities and successfully reduced their risk. We have also pioneered assessment training and supported the infosec community with our tools and research. Few companies can match our offering.

We take pride in our world-class team and the quality of the work we deliver. Personal research and career development are as important to us as performing assessments. We invest in our staff, AND we're not interested in burnout through back-to-back engagements.

So, if you're interested in IT security, have at least 2 years' experience of penetration testing and security assessments, or an idea that you think could change this industry, we'd love to hear from you.

Just drop us an email:

Thu, 17 Mar 2011

ITWeb Security Summit

The ITWeb Security Summit is creeping up on us again and will be happening on the 10-11th of May. This year ITWeb went with something slightly different, and are asking for people to suggest who they'd like to see on day 2. These suggestions will then be voted on. So, if there's someone you're dying to see present or a topic you really want someone to spend some time researching, head over to their community portal and write it down.

Thu, 17 Feb 2011

The Yeti is here

After several months of dedicated ... uh dedication, our new network footprinting tool is being made available to the masses.

It's called Yeti and it is a cross-platform Java application. Its predecessor, BidiBlah, was only available on Windows platforms and hopefully with Yeti we can now offer Internet intelligence gathering to everyone.

So what does Yeti do:

  • Top level domain expansion (tld expand)
  • Forward lookups (mx,ns,a,cname and zone transfers)
  • Reverse lookups (ptr records)
  • Cert Extraction (getting the common name, and domain from ssl certificates)
  • Bing IP/Site searches
  • Report exports to xls format
We invite you all to visit the Yeti community blog and to participate in either testing the tool or just to add comments. Usage instructions can be found on the spyeti blogspot.

In particular we would like to point you to a recent post where we explain our reasoning for continued investment in developing and maintaining footprinting technology.

With the blog, we would like to muster up more of a community feel around our software, and create movement in the footprinting field. Recent successes in the field of Internet intelligence are compelling evidence that this field is untapped.

Yeti is released as Freeware without access to the source.

The plan is to maintain, in future, both a community freeware edition and a commercial edition.

Sun, 31 Oct 2010

Black Hat Abu Dhabi - Full ... NOT!

The bad news is that our course at Black Hat Abu Dhabi is completely full. The good news is ... they've given us a bigger room! So if you've been told the course is full, or if you haven't registered yet, please do it quickly before it fills up again.

Problems? Please contact us or mail training[at]sensepost[dot]com.