On Saturday Dec 3, at BSides Cape Town we announced the winner of a prize for local information security research. The purpose of the competition was twofold. Firstly, to highlight interesting research produced in .za for the purpose of publicising up 'n coming security folks, since there are a few disparate communities (academic / industry is the greatest split). Secondly, to provide some degree of reward in the form of a cash prize. The prize is (unsurprisingly) not meant to compensate for time spent, but rather to give the typical researcher who conducts the work in their spare time some recognition and perhaps a cool gadget to associate with the work.
The competition was a little disappointing for a single, but significant, reason: the lack of nominations. In all, six people nominated three pieces of work from two researchers. Considering there were four security conferences this year in South Africa, it's not possible that even a reasonable minority of the research produced was considered for the prize. This was a no-strings-attached cash prize; there is no handover of IP or copyright, and no requirements on the winner (though we do offer an interview on our blog to publicise their work, should they choose to). With this in mind, it's strange how few nominations were received; for example, while the competition received some coverage on Twitter, very few nominations originated from there. The timing was tight (competition announced two weeks prior to BSides), but that only accounts for a smaller circumference, not a lack of involvement.
The two nominees were:
Thanks to Pieter for organising BSides Cape Town and providing us a spot to announce the winners, and thanks to everyone who sent in a nomination. Compliments to both nominees for having their work recognised by others in the community, and congratulations to Etienne for winning the prize.
We remain committed to research and the sponsorship concept, so expect an announcement towards the end of next year and keep an eye open during the year for research that strikes you as interesting.
We are looking for more security assessment consultants to join us in the UK and South Africa. Security assessments are what we live and breathe — whether it's foot-printing and obtaining enterprise domain admin rights on production networks, training hundreds at conferences around the world, or reverse-engineering mobile applications and producing cutting-edge security applications.
For over a decade we have helped companies understand their information security liabilities and successfully reduced their risk. We have also pioneered assessment training and supported the infosec community with our tools and research. Few companies can match our offering.
We take pride in our world-class team and the quality of the work we deliver. Personal research and career development are as important to us as performing assessments. We invest in our staff, AND we're not interested in burnout through back-to-back engagements.
So, if you're interested in IT security, have at least 2 years' experience of penetration testing and security assessments, or an idea that you think could change this industry, we'd love to hear from you.
Just drop us an email: firstname.lastname@example.org
The ITWeb Security Summit is creeping up on us again and will be happening on the 10-11th of May. This year ITWeb went with something slightly different, and are asking for people to suggest who they'd like to see on day 2. These suggestions will then be voted on. So, if there's someone you're dying to see present or a topic you really want someone to spend some time researching, head over to their community portal and write it down.
After several months of dedicated ... uh dedication, our new network footprinting tool is being made available to the masses.
It's called Yeti and it is a cross-platform Java application. Its predecessor, BidiBlah, was only available on Windows platforms and hopefully with Yeti we can now offer Internet intelligence gathering to everyone.
So what does Yeti do:
In particular we would like to point you to a recent post where we explain our reasoning for continued investment in developing and maintaining footprinting technology.
With the blog, we would like to muster up more of a community feel to our software, and create movement in the footprinting field. Recent successes in the field of Internet intelligence are compelling evidence that this field is untapped.
Yeti is released as Freeware without access to the source.
The plan is to maintain both a community freeware edition and a commercial edition in future.
The bad news is that our course at Black Hat Abu Dhabi is completely full. The good news is ... they've given us a bigger room! So if you've been told the course is full, or if you haven't registered yet, please do it quickly before it fills up again.
Problems? Please contact us or mail training[at]sensepost[dot]com.