Wednesday, 03 December 2008

Sensepost Hacking by Numbers Extended Edition

Last week I attended Sensepost's Cadet and Bootcamp training courses. Cadet is the introductory course and Bootcamp takes it up one notch and really makes the smoke waft out of your ears.

The Sensepost mantra for the training is that it is not about the technical ability, but rather the process that one follows to discover potential vulnerabilities in systems and networks. The process that one should follow is basically why, why, why and what next. Question why something is there and then how to exploit the current scenario to get to your next step.

The difficult part for me was knowing what I needed to do next in terms of finding a channel or a user name or password, but it was the actual doing, but that'll come in time and with experience.

I can highly recommend the course, and in fact try and take your manager with you. The instructors' stories from assessments that Sensepost has done will get them to take your security budget a bit more seriously.

Also, go on the training because they provide the best food and having the good coffee machine in the training room also doesn't hurt.

1 comment:

Beto said...

Thx for the review, I'm thinking of taking this at Black Hat