Orange Cyberdefense at Hacker Summer Camp
2023-7-17 23:55:3 Author: sensepost.com


Posted by Szymon Ziolkowski on 17 July 2023

It’s that time of year again when we head out to the desert, more specifically Las Vegas, for what is known as Hacker Summer Camp to attend Black Hat and DEF CON 31! Like previous years, the SensePost team will be present in full force delivering talks, training and hanging out on numerous occasions. For an idea of what we’ve got lined up, check out the rest of this blog post. If you’re keen to meet up, feel free to reach out!

Training

Celebrating being a part of Black Hat for 22 years and more recently DEF CON and Ringzer0, we’re always excited for opportunities to share knowledge (and geek out on all things offensive security).

This year we’re delivering numerous courses at Hacker Summer Camp, covering Infrastructure, Web, Mobile, Wi-Fi and Active Directory hacking. Whether you’re seeking introductory insights, intermediate skill-building, or specialised technical training, we have crafted courses that cater to various proficiency levels and interests.

We are giving the following courses at Black Hat US 23:

John Iatridis will be presenting “Advanced Active Directory Exploitation” at Ringzer0 on the 5th of August.

We will also provide three courses at DEF CON 31, which will take place on the 14th and 15th of August:

Talks

Each year we encourage everyone internally to share their research at conferences like Black Hat and DEF CON. This year is no different, and we have two talks taking place at DEF CON 31.

1 – Felipe Molina de la Torre at DEF CON 31, AppSec Village

Felipe will be talking about the current, arguably surprising state of Content Security Policies in the wild, using data collected by scanning the top one million websites. Drawing on an assessment where he identified a possible XSS vector and CSP prevented exploitation, Felipe found that he could abuse a trust relationship with a third party to exploit the XSS vulnerability for impact. Curious about how prevalent and effective CSP policies are today? This one is for you.

2 – Thomas Bygodt at DEF CON 31, Hardware Hacking Village

For the past couple of years Thomas has focused on hardware hacking, primarily motivated by the need to know more about it. Thomas did so by looking for vulnerabilities within smart locks, where his journey resulted in some great finds, including a vulnerability that would allow you to remotely open several thousand certain smart locks. In this talk Thomas will go over his methodology and the issues he found, and show that hardware hacking isn’t always as hard as it looks.


Article source: https://sensepost.com/blog/2023/orange-cyberdefense-at-hacker-summer-camp/