Our courses are taken directly from the work we do. When we compromise networks, or applications with new techniques, they're turned into modules in the appropriate course. We also don't use trainers; every course is given by one of our analysts to keep it authentic.
For our fifteenth year, we've decided it was time to retire the ‘Hacking by Numbers' name and just call it was it really always has been: SensePost Training.
We've also simplified the path to offensive security mastery with our artisanal, fair trade, hand crafted training courses:
The beginner course lies at the start of the journey. This course doesn't assume anything of the student other than desire to learn. The course will present the background information, technical skill and basic concepts to get a student going in the field of information security (we can't bring ourselves to say “cyber”).
Students will start at learning how to use the command line interface for Linux to get the best out of an offensive Linux tool-set, then delve into networking fundamentals and vulnerability discovery and finally, learn how to exploit common weaknesses within the network, application, mobile and wireless arenas.
The course will serve those wanting to understand the offensive security world as well as those looking to join it. It's a fun course with plenty of hands on exploitation and owning stuff. For more information, visit Blackhat's USA training page here.
‘A journeyman is an individual who has completed an apprenticeship and is fully educated in a trade or craft, but not yet a master' Wikipedia.
The Journeyman layer is where you learn the trade in order to become a master. This layer is where our decade and a half of experience in gaining access to everything from ships to data centers is most evident. Each of the journeyman courses are hands on, fully interactive and teach the latest approaches and techniques for exploiting everything! We've completely revamped the courses and our analysts typically add new techniques as they happen, sometimes even during the course.
The journeyman series contain several courses focused on specific areas of specialisation, from hacking networks and applications, to securing code, to signals (wireless) and advanced second order compromises (spec ops).
If you are looking to expand your skill-set then these courses are for you.
At the top of the learning tree is our brand new Master course. This course is aimed at those students who've completed one or more of the Journeyman courses, or are working senior penetration testers. Nmap's man page, Metasploits internals, or network pivoting should not be new concepts.
This course sets about teaching students how to hack like an APT; with strong offensive focus drawing on the techniques employed in recent industry hacks. Students will be thrown into environments they've never seen before, and forced to rely on wits, or shown how to turn the mundane into the extraordinary.
To learn more about this course being offered at Blackhat USA, head over to here.
When you love what you do, you love showing others how to do it; training is at the heart of what we do at SensePost. Using our decade of BlackHat training experience, we've put a lot of thought into creating some awesome courses for our fellow hackers. We hope to seeing you in one at BlackHat USA Las Vegas 2015.
SensePost today is proud to announce the completion of a contract that will see the company recognized as the world's first “Approved Maltego Solution Provider” (AMSP) and the exclusive provider of this kind in the UK and Southern Africa.
SensePost was founded in 2000 and has developed into one of the worlds leading Information Security Services companies with offices in London, Cape Town and Pretoria. As trusted advisors it has always been our mission to provide our customers with insight, information and systems to enable them to make strong decisions about Information Security that support their business performance. Whilst this mission has traditionally expressed itself in technical security analysis services like Vulnerability Assessment and Penetration Testing we recognise that the threat landscape is constantly changing and that new and more complex realities necessitate the use of sophisticated new skills, tools and techniques with which to support our clients.
“This strategic alliance perfectly fits the ‘Assess-Detect-Protect-Respond' framework that drives the way we design, sell and deliver our service. It's the perfect evolution of our growing services offering.” says Etienne Greef, CEO of the SensePost group holding company SecureData, who's strategy is at the core of this new initiative.
‘Maltego', built by Paterva, is a powerful suite of software tools used for data mining, link analysis and data visualization, giving the user the ability to extract large volumes of data from diverse sources and then analyze it to understand the patterns and relationships it reveals. In the modern digital age these techniques are used to convert data into information and thereby extract concrete value that can be used for effective decision-making.
Maltego is a highly regarded and popular platform used extensively in Open Source Intelligence Gathering, Infrastructure Analysis for Penetration Testing, Cyber Attack Analysis, Fraud Detection and Investigation, Security Intelligence, Information Security Management, Research and more.
This partnership between SensePost and Paterva (who produce the Maltego software) builds on the companies' shared roots and intellectual heritage and will allow both companies to serve their customers and fulfil their respective missions better.
As an AMSP SensePost will be authorised to provide integration, consulting, support and training for the Maltego tools with full endorsement, support and assistance directly from Paterva. This new capability, combined with an existing wealth of information security skills and experience, uniquely positions SensePost to advise and support clients seeking to exploit the unique strategic advantage the Maltego toolset can offer.
We recently ran our Black Hat challenge where the ultimate prize was a seat on one of our training courses at Black Hat this year. This would allow the winner to attend any one of the following:
Simply trying out this feature and viewing how it functions. Viewing the feed tester result, we noticed that the contents of the XML formatted RSS feed were echoed and it became clear that this may be vulnerable to XXE. The first step would be to try a simple XML payload such as:
It looks like we have some more XML being submitted.. Again we tried XXE and found that using "file://" in our payload created an error. There were ways around this, however the returned data would be truncated and we would not be able to see the full contents of flag2.txt... When stuck with XXE and not being able to see the result (or complete result) there is always the chance that we can get the data out via the network. To do this we needed to generate a payload that would allow us to fetch an external DTD and then "submit" the contents of our target file to a server under our control. Our payload on our server looked like this:
As soon as the XML decoder parsed our malicious payload, we would receive the base64 encoded contents on our server:
Now it was a simple matter of decoding the payload and we had the second flag. This was not the only way to get flag 2! It was the most "fun" way of doing it though and used a really handy method. Remember it for your next pentest...
The two runners up who both can claim one of our awesome 2014 t-shirts:
Vitaly aka @send9
Sash aka @secdefect
Starting-point: Read the contents of /home/spuser/flag1.txt
Once you've completed the challenge, email us with a screenshot of your victory and a short overview of how you did it.
The prize: The winner of this challenge will be offered a free seat on any one of the SensePost training courses at Black Hat 2014.
It's almost Black Hat time again and as always SensePost will be presenting numerous Hacking by Numbers training course, which we've rewritten this year. For more information on the training courses on offer at Black Hat this year, check out:
Why Infrastructure Hacking Isn't Dead
If you work in IT Security you may have heard people utter the phrase,
“Infrastructure hacking is dead!”
We hear this all the time but in all honesty, our everyday experience of working in the industry tells a completely different story.
With this in mind we've decided to factor out our “infrastructure related h@x0ry” from our Bootcamp Course and create a brand spanking new one, completely dedicated to all things ‘infrastructure'.
What You'll Learn
We've re-loaded this course to not only reinforce basic footprinting methodologies - which to be honest, are essential for target acquisition - but to also enable you to exploit common, real-world vulnerabilities.
But that's not all.
We've also highlighted methods for compromising Microsoft Active Directory infrastructures - something that's typical for corporate environments. The way in which we approach this is thorough, effective and shows you how to become DA without necessarily pulling all of your hair out.
A complete company takeover is really just a matter of time.
Get Hands-On Experience
As with all SensePost training courses, we don't just want you to sit there and watch us talk for a few days. Where's the fun in that and how on earth will you get real, tangible experience if you're just sat in a chair?
Not only will we all be doing practicals at the end of each topic, we've also created a brilliant culmination exercise:
“You'll need to compromise a company via the Internet and steal as much data as possible!”
The Bottom Line
The brand new Bootcamp Reloaded Infrastructure will provide you with a thorough introduction to real world hacking of corporate environments. You'll learn everything you need to successfully compromise most corporate networks out there.
For more information on our training offering, head over to here.