Grey bar Blue bar
Share this:

Wed, 4 Mar 2015

SensePost Training

sensepost_blackhat
Over those years, we've trained thousands of students in the art of offensive and defensive security through our Hacking by Numbers courses.


Our courses are taken directly from the work we do. When we compromise networks, or applications with new techniques, they're turned into modules in the appropriate course. We also don't use trainers; every course is given by one of our analysts to keep it authentic.


For our fifteenth year, we've decided it was time to retire the ‘Hacking by Numbers' name and just call it was it really always has been: SensePost Training.


We've also simplified the path to offensive security mastery with our artisanal, fair trade, hand crafted training courses:


sensepost_training_flow


Beginner


The beginner course lies at the start of the journey. This course doesn't assume anything of the student other than desire to learn. The course will present the background information, technical skill and basic concepts to get a student going in the field of information security (we can't bring ourselves to say “cyber”).


Students will start at learning how to use the command line interface for Linux to get the best out of an offensive Linux tool-set, then delve into networking fundamentals and vulnerability discovery and finally, learn how to exploit common weaknesses within the network, application, mobile and wireless arenas.


The course will serve those wanting to understand the offensive security world as well as those looking to join it. It's a fun course with plenty of hands on exploitation and owning stuff. For more information, visit Blackhat's USA training page here.


Journeyman


‘A journeyman is an individual who has completed an apprenticeship and is fully educated in a trade or craft, but not yet a master' Wikipedia.


The Journeyman layer is where you learn the trade in order to become a master. This layer is where our decade and a half of experience in gaining access to everything from ships to data centers is most evident. Each of the journeyman courses are hands on, fully interactive and teach the latest approaches and techniques for exploiting everything! We've completely revamped the courses and our analysts typically add new techniques as they happen, sometimes even during the course.


The journeyman series contain several courses focused on specific areas of specialisation, from hacking networks and applications, to securing code, to signals (wireless) and advanced second order compromises (spec ops).


If you are looking to expand your skill-set then these courses are for you.


Master


At the top of the learning tree is our brand new Master course. This course is aimed at those students who've completed one or more of the Journeyman courses, or are working senior penetration testers. Nmap's man page, Metasploits internals, or network pivoting should not be new concepts.


This course sets about teaching students how to hack like an APT; with strong offensive focus drawing on the techniques employed in recent industry hacks. Students will be thrown into environments they've never seen before, and forced to rely on wits, or shown how to turn the mundane into the extraordinary.


To learn more about this course being offered at Blackhat USA, head over to here.


Conclusion


When you love what you do, you love showing others how to do it; training is at the heart of what we do at SensePost. Using our decade of BlackHat training experience, we've put a lot of thought into creating some awesome courses for our fellow hackers. We hope to seeing you in one at BlackHat USA Las Vegas 2015.

Mon, 3 Nov 2014

Are you the intern we've been looking for?

intern


 


We're looking for an intern to join our newly formed 'Innovation Centre' arm of SensePost/SecureData. Have a read below for some more information, and drop us a mail if you're interested or would like some more info (glenn@sensepost.com).




The purpose of the Innovation Centre is to offer an incubation hub through which new ideas, concepts and other technical and business innovations can be collected & captured and then rapidly described, prioritised researched, prototyped, tested, advocated and transitioned into the business.


About the Intern Position:


The ideal candidate should have a computer science or similar background, but equivalent work experience or self taught candidates will also be considered. The following specific requirements are required:


* Familiarity with at least one scripting language, preferably Python
* Fundamental understanding of networking
* Linux experience
* A positive attitude with a capable problem solving capabilities


The following points would be seen as a bonus:
* Strong computer science degree
* Industry experience (e.g. holiday internship).
* Web development capabilities
* Security knowledge / experience
* Experience with embedded or similar systems (e.g. Pi, Arduino, etc)


Whilst SensePost is an information security company, this specific internship does not directly relate to an info-sec position, but the projects worked on will relate to info-sec. The internship is for placement in the Innovation Centre. Day to day tasks are likely to include:


* Writing PoC scripts
* Providing support to InnoCentre analysts (e.g. writing Maltego plugins, debugging issues, testing new hardware/software).
* Liaising with partners/clients

Thu, 19 Jun 2014

Release the hounds! Snoopy 2.0

theHounds
Friday the 13th seemed like as good a date as any to release Snoopy 2.0 (aka snoopy-ng). For those in a rush, you can download the source from GitHub, follow the README.md file, and ask for help on this mailing list. For those who want a bit more information, keep reading.

What is Snoopy?


Snoopy is a distributed, sensor, data collection, interception, analysis, and visualization framework. It is written in a modular format, allowing for the collection of arbitrary signals from various devices via Python plugins.


It was originally released as a PoC at 44Con 2012, but this version is a complete re-write, is 99% Python, modular, and just feels better. The 'modularity' is possibly the most important improvement, for reasons which will become apparent shortly.


Tell me more!


We've presented our ongoing work with snoopy at a bunch of conferences under the title 'The Machines that Betrayed Their Masters'. The general synopsis of this research is that we all carry devices with us that emit wireless signals that could be used to:

  • Uniquely identify the device / collection of devices

  • Discover information about the owner (you!)


This new version of snoopy extends this into other areas of RFID such as; Wi-Fi, Bluetooth, GSM, NFC, RFID, ZigBee, etc. The modular design allows each of these to be implemented as a python module. If you can write Python code to interface with a tech, you can slot it into a snoopy-ng plugin.


We've also made it much easier to run Snoopy by itself, rather than requiring a server to sync to as the previous version did. However, Snoopy is still a distributed framework and allows the deployment of numerous Snoopy devices over some large area, having them all sync their data back to one central server (or numerous hops through multiple devices and/or servers). We've been working on other protocols for data synchronisation too - such as XBee. The diagram below illustrates one possible setup:


Architecture Diagram

OK - but how do I use it?


I thought you'd never ask! It's fairly straight forward.

Hardware Requirements


Snoopy should run on most modern computers capable of running Linux, with the appropriate physical adapters for the protocols you're interested in. We've tested it on:

  • Laptop

  • Nokia N900 (with some effort)

  • Raspberry Pi (SnooPi!)

  • BeagleBone Black (BeagleSnoop!)


In terms of hardware peripherals, we've been experimenting with the following:
TechnologyHardwareRange
Wi-FiAWUS 036H100m
BluetoothUbertooth50m
ZigBeeDigi Xbee1km to 80kms
GSMRTL2832U SDR35kms
RFIDRFidler15cm
NFCACR122U10cm


The distances can be increased with appropriate antennas. More on that in a later blog post.

Software Requirements


Essentially a Linux environment is required, but of more importance are the dependencies. These are mostly Python packages. We've tested Snoopy on Kali 1.x, and Ubuntu 12.04 LTS. We managed to get it working on Maemo (N900) too. We're investigating getting it running on OpenWRT/ddWRT. Please let us know if you have success.

Installation


It should be as simple as:
git clone https://github.com/sensepost/snoopy-ng.git
cd snoopy-ng
bash ./install.sh

Usage


Run Snoopy with the command 'snoopy', and accept the License Agreement. We'd recommend you refer to the README.md file for more information, but here are a few examples to get you going:


1. To save data from the wireless, sysinfo, and heartbeat plugins locally:

snoopy -v -m wifi:iface=wlanX,mon=True -m sysinfo -m heartbeat -d <drone name> -l <location name>

2. To sync data from a client to a server:


Server:

snoopy_auth --create <drone name> # Create account
snoopy -v -m server # Start server plugin

Client:
snoopy -v -m wifi:iface=mon0 -s http://<server hostname>:9001/ -d <drone name> -l <location name> -k

Data Visualization


Maltego is the preferred tool to perform visualisation, and where the beauty of Snoopy is revealed. See the README.md for instructions on how to use it.

I heard Snoopy can fly?


You heard right! Well, almost right. He's more of a passenger on a UAV:



There sure is a lot of stunt hacking in the media these days, with people taking existing hacks and duct-taping them to a cheap drone for media attention. We were concerned to see stories on snoopy airborne take on some of this as the message worked its way though the media. What's the benefit of having Snoopy airborne, then? We can think of a few reasons:


  1. Speed: We can canvas a large area very quickly (many square kilometres)

  2. Stealth: At 80m altitude the UAV is out of visual/audible range

  3. Security: It's possible to bypass physical security barriers (walls, men with guns, dogs)

  4. TTL (Tag, Track, Locate): It's possible to search for a known signature, and follow it


We're exploring the aerial route a whole lot. Look out for our DefCon talk in August for more details.

Commercial Use


The license under which Snoopy is released forbids gaining financially from its use (see LICENSE.txt). We have a separate license available for commercial use, which includes extra functionality such as:

  • Syncing data via XBee

  • Advanced plugins

  • Extra/custom transforms

  • Web interface

  • Prebuilt drones


Get in contact (glenn@sensepost.com / research@sensepost.com) if you'd like to engage with us.

Tue, 20 May 2014

Mobile Training Reloaded - Las Vegas

Get some.

Exploiting next gen apps
With the explosion in mobile device popularity and the applications that go along with these, testing mobile application security has become a key skill in every pentester's arsenal. Last year we launched the Hacking by Numbers: Mobile, course at BlackHat Las Vegas and follow up training at BlackHat WestCoast Trainings. This year we are taking Mobile training to the next level with Hacking by Numbers reloaded, Mobile Bootcamp (https://www.blackhat.com/us-14/training/hacking-by-numbers-reloaded-mobile-bootcamp.html)


The course has undergone the full reloaded treatment, with our trainers pouring new tips, tricks and skills into the course, along with incorporating feedback from previous students.

You said mobile?


The mobile space has numerous platforms, each with their own nuances, that would leave any new pentester dizzy. Fortunately this is where the Mobile bootcamp course excels, offering the perfect blend of introductory and advanced techniques, the training is ideal for anyone looking to start testing mobile applications or the experienced tester who is looking to branch out to new platforms.


The training introduces all the core skills required to test applications across the major mobile platforms, particularly:


  • Android

  • IOS

  • Blackberry

  • Windows Phone 8


Training is built around around demonstration and hands-on practical exploitation, with custom practical exercises derived from real-world application security fails.


For a full break-down of the course structure check-out our BlackHat training page (https://www.blackhat.com/us-14/training/hacking-by-numbers-reloaded-mobile-bootcamp.html)

Who should attend?


The course is relevant for attackers, defenders and developers. Students should have some technical ability in Linux, and understand networking fundamentals, but this is a bootcamp level course. Basic programming knowledge is recommended but not essential.


Your trainers will be Etienne (@kamp_staaldraad) and Jurgens, both crazy about mobile security and have executed numerous killshots on all the major mobile platforms.


- Etienne and Jurgens -


 


 

Wireless Bootcamp Training - Las Vegas

Get some.


Wireless hacking, you say?
You may think wireless hacking is nothing new, and you may think it's just not that relevant or exciting. Come along to our BlackHat Wireless Bootcamp course and we'll show you different! We'll teach you the fundamentals every wireless hacker needs to know, but then move onto the really exciting, cutting edge stuff.



Cutting edge WiFi hacking, you say?
At SensePost we really enjoy wireless hacking - mostly because it gets us good results in terms of compromising our targets! With our years of experience in this area we've written our own tools, as well as refined others. In this course we'll reveal new techniques and tools (can you smell 0day?) that we'll hopefully be presenting at the conference, and give you exclusive hands on training with our very own Snoopy framework (a distributed, tracking, data interception, and profiling framework). Two lucky students who capture our CTFs will also go home with pre-built Snoopy drone. Every student will also get their own Alfa WiFi card to take home, as well as the latest Snoopy pre-release (Snoopy will run fine on your laptop too).

Snoopy Drone


What else?
Here's an exact break down of what to expect from this course:
• Wi-Fi theory and background
• Breaking WEP
• Breaking WPA PSK
• Man in the middle attacks for WPA MGT (new attack vectors)
• Breaking WPS
• Wi-Fi Router back doors
• Rogue Access Points attack scenarios (new attack vectors)
• Exclusive Snoopy training


Who should attend?
Anyone interested in WiFi security. The course is relevant for both attackers and defenders (it'll let you put your defense into context). Students should have some technical ability in Linux, and understand networking fundamentals, but this is a bootcamp level course.


Dominic (@singe) and Glenn (@glennzw) will be your instructors. They're both avid wireless hackers, and never leave home without a high gain antenna and an Alfa card! They're looking forward to training you. You can find the sign-up page here.


-Glenn & Dominic