Wed, 21 Dec 2011

The first one...

My name is Kabelo Ramtse, a second-year engineering student at the University of Cape Town. Today is the last day of my internship, which ran for four weeks during my December vacation at the Cape Town office.

Internships are a new idea at SensePost aimed at students and are intended to give them exposure to the information security industry. I am the first person to take part in the program.

My main responsibility was to chronologically order, summarize and upload past SensePost presentations. The presentations are available here. The presentations Setiri and Breaking the bank are two of my favorites. Reading through the presentations taught me a lot about information security and made me even more keen to increase my knowledge in this field. Meeting the big boss and getting mini lectures from Marco was cool.

Tomorrow I fly home to Jo'burg to enjoy the rest of my vacation. Merry Christmas and happy new year!

Thu, 15 Dec 2011

Press Release - London Hacking & Security Courses

School's never out for the Pro!

We're proud to announce that we are now offering our highly successful penetration testing training courses to the UK market from 2012.

SensePost has been providing penetration testing training courses to corporates and governments across the globe, and at prestige security events such as Black Hat and OWASP for over a decade. Initially, three courses in London for 2012 have been organised:

  1. HBN Extended Edition (4 days) — 13-17 February 2012
  2. HBN W^3 Edition (3 days) — 14-16 March 2012
  3. HBN Unplugged (2 days) — 18-19 April 2012

The first course, HBN Extended Edition, is set at an introductory level for technical people without experience in the world of hacking or penetration testing. It presents attendees with the background information, technical skill and basic concepts that are required to get started in this field.

The second course, HBN W^3 Edition, is a highly practical, intermediate web application hacking course for those with some experience in security assessment and penetration testing. The course provides a refresher of HTTP and associated technologies before commencing with more advanced level attacks ranging from assessment techniques of traditional web applications, to newer technologies such as AJAX, rich client media and HTML 5.

Finally, the third course, HBN Unplugged Edition, is an entry-level wireless/Wi-Fi security training course. With a strong focus on results, the course outlines three broad offensive scenarios for Wi-Fi hacking and then presents students with the background knowledge, methodologies, tools and thinking skills required to successfully breach security in each of those scenarios.

All the courses are suitable for those responsible for penetration testing and security assessments including Information Security Officers, System and Network Administrators, Security Consultants and Government agents.

We've been running these courses successfully for years, and in response to the high demand from our UK clients, who are increasingly looking to improve their in-house skills and capabilities in penetration testing, we are now offering them in the UK. With so few companies delivering effective security courses for those responsible for penetration testing and security assessments, we knew there was a gap in the marketplace plus a real need.

You can click here for more information, or contact us for direct support.

Tue, 6 Dec 2011

Competition winner announced

On Saturday Dec 3, at BSides Cape Town we announced the winner of a prize for local information security research. The purpose of the competition was twofold. Firstly, to highlight interesting research produced in .za for the purpose of publicising up 'n coming security folks, since there are a few disparate communities (academic / industry is the greatest split). Secondly, to provide some degree of reward in the form of a cash prize. The prize is (unsurprisingly) not meant to compensate for time spent, but rather to give the typical researcher who conducts the work in their spare time some recognition and perhaps a cool gadget to associate with the work.

The competition was a little disappointing for a single, but significant, reason: the lack of nominations. In all, six people nominated three pieces of work from two researchers. Considering there were four security conferences this year in South Africa, it's not possible that even a reasonable minority of the research produced was considered for the prize. This was a no-strings-attached cash prize; there is no handover of IP or copyright, and no requirements on the winner (though we do offer an interview on our blog to publicise their work, should they choose to). With this in mind, it's strange how few nominations were received; for example, while the competition received some coverage on Twitter, very few nominations originated from there. The timing was tight (competition announced two weeks prior to BSides), but that only accounts for a smaller circumference, not a lack of involvement.

The two nominees were:

Given the small number of nominations, the panel was composed of three SensePost'ers, Dominic, Ian and myself.

The! winner! of! the! R5000! prize! was! Etienne! Stalmans!

In addition, a finder's fee of R500 was offered to the person who nominated the winning entry. Etienne received two nominations, and so a coin was flipped to determine who got the fee; Samuel Hunter was the winner.

Thanks to Pieter for organising BSides Cape Town and providing us a spot to announce the winners, and thanks to everyone who sent in a nomination. Compliments to both nominees for having their work recognised by others in the community, and congratulations to Etienne for winning the prize.

We remain committed to research and the sponsorship concept, so expect an announcement towards the end of next year and keep an eye open during the year for research that strikes you as interesting.