Full Report
What originally started as one of those “hey, wouldn’t this be cool?” ideas has blossomed into a yearly event for us at SensePost. SenseCon is a time for all of us to descend on South Africa and spend a week learning/hacking/tinkering/breaking/building, together and in person. A few years ago we made the difficult, and sometimes painful, shift to enable remote working in preparation for the opening of our UK and Cape Town offices. Some of you probably think this is a no-brainer, but the benefit of being in the same room as your fellow hackers can’t be overlooked. Being able to call everyone over to view an epic hack, or to ask for a hand when stuck is something tools like Skype fail to provide. We’ve put a lot of time into getting the tech and processes in place to give us the “hackers in the same room” feel, but this needs to be backed with some IRL interaction too.
Analysis Summary
# Main Topic
The provided text describes SenseCon, an annual in-person event hosted by SensePost in South Africa focused on collaborative learning, hacking, tinkering, breaking, and building among security professionals. It emphasizes the value of in-person interaction over remote tools for complex technical collaboration.
## Key Points
- SenseCon serves as a dedicated, stress-free environment for intense learning and creativity, supplementing the company's existing remote work infrastructure.
- The event features training sessions (e.g., electronics/Arduino from House 4 Hack) and a 24-hour Hackathon for developing internal tools and security concepts.
- The article details several specific projects developed during the hackathon, representing internal capability development and proof-of-concept security tools.
## Threat Actors
- No external threat actors (e.g., APTs, criminal groups) are mentioned. The focus is on the internal "hackers" and analysts of SensePost developing tools.
- **Internal/Adversarial Persona:** SensePost analysts developing payloads and attack tools for client engagements or research (e.g., "Panda and Sara," "Vladislav").
## TTPs
The article details offensive security techniques and tools developed during the hackathon, which can be considered 'research TTPs':
- **Payload Development:** Creating "Bender," a professional SensePost beaconing payload for moving from spear-phishing to persistent internal network access.
- **Radio Frequency/SDR:** Implementing Software Defined Radio (SDR) to track and decode aeroplane transponder signals (SensePost Radar).
- **Wi-Fi Exploitation:** Implementing a new KARMA rogue-AP attack and using `wifi-deauth` packets for denial of service/disruption (WiFi Death Flag).
- **Mass Vulnerability Scanning:** Developing Maltego transforms for rapid mass scanning of large netblocks to quickly identify vulnerable hosts ("How to Pwn a Country").
- **Fuzzing:** Bug hunting via fuzzing against a commercial mail platform and Websense.
- **Collaborative Pentesting:** Developing a Burp Collaboration tool using Jabber transport for multi-analyst Burp session collaboration.
## Affected Systems
The projects target or utilize various systems:
- **Embedded Hardware:** Beagle Bone and Raspberry Pi (for pORTAL device implementation).
- **Network Infrastructure:** Wi-Fi networks (for deauthentication and rogue AP attacks).
- **Commercial Software:** Commercial mail platforms and Websense (targeted via fuzzing).
- **Hardware Devices:** Cheap Wi-Fi cameras (targeted via deauth).
## Mitigations
Mitigations are generally implied through the development of internal defense/counter-research tools, but no formal security controls are explicitly listed as recommendations:
- **Internal Tool Development:** Creation of enhanced payloads (Bender) and collaborative tools suggests an effort to professionalize internal offensive capabilities, which often precedes the development of corresponding defenses.
- **Research Focus:** Bug hunting and vulnerability discovery implies feeding findings back into security hardening processes.
## Conclusion
SenseCon is presented as a critical internal incubator for security innovation, bridging the gap between creative R&D and professional security objectives. The projects developed highlight current research vectors in SDR, Wi-Fi attacks, and offensive payload engineering that SensePost analysts are pursuing.
***
**Note on Context Alignment:** The provided context is an event wrap-up, not a traditional threat intelligence report detailing an external attack campaign. Therefore, the sections for Threat Actors, IoCs (none present), Affected Systems, and Mitigations are populated based on the *research topics* and *tools* discussed during the event, which represent an internal focus on threat *capability* development. No defanged IoCs were present in the source material.