Full Report
The annual Hacker Summer Camp is nearly upon us, and everyone at SensePost is getting ready. This is a brief overview of what we’ll be doing. The tl;dr is: BlackHat Training, BlackHat Arsenal x2, Defcon talk & Stickers :)

BlackHat Training

We’re back at BlackHat for our 15th year of training with a selection of courses ranging from introductory courses for beginners through to hardcore courses for experts.

- Basic Tools & Techniques for Hackers – Beginner Level
- Mobile Application Bootcamp – Journeyman Level
- Web Application Bootcamp – Journeyman Level
- Black Ops Hacking for Pentesters – Master Level
- Threat Intelligence using Maltego
  This one isn’t ours, but our good friends and business partners, Paterva :)

BlackHat Arsenal

We were fortunate enough to have two tools accepted for BlackHat Arsenal this year. We think building open source tools for the hacker community is an important part of how we roll, and we appreciate ToolsWatch and the NETpeas crews’ efforts with Arsenal.
Analysis Summary
# Industry News: SensePost Highlights 15th Year of BlackHat Training and Open Source Tool Releases
## Summary
SensePost announced its extensive participation in the upcoming Hacker Summer Camp (BlackHat and Defcon 2016), highlighting their 15th year offering a diverse range of cybersecurity training courses, from beginner to master levels. Furthermore, the company will debut two new open-source tools at BlackHat Arsenal: 'autoDANE' for Active Directory exploitation and 'DET' for data exfiltration, alongside presenting research on overlooked USB security aspects at Defcon.
## Key Details
- Date: Announced June 21, 2016 (Context relevant to BlackHat/Defcon 2016)
- Companies Involved: SensePost, Paterva (partner for Maltego training), ToolsWatch, NETpeas (references for Arsenal organization)
- Category: Training Services Update / Product (Tool) Release Announcement / Conference Participation
## The Story
SensePost is leveraging the Hacker Summer Camp ecosystem to showcase its expertise across three core areas: advanced training, open-source development, and novel security research. Their training catalog covers application security (mobile/web), fundamental hacking techniques, and advanced pentesting (Black Ops). Critically, they are releasing two open-source tools via BlackHat Arsenal: 'autoDANE,' designed to automate lateral movement and privilege escalation in Windows Active Directory environments, and 'DET,' a toolkit for covert data exfiltration. Additionally, a talk at Defcon will focus on practical, end-to-end attacks leveraging overlooked USB security vectors, including air-gapped host compromise via stealth channels, supported by associated open hardware/code releases.
## Business Impact
### For the Companies Involved
- **Training Revenue:** The 15th year of BlackHat training underscores a stable, high-margin revenue stream based on recognized expertise. The diverse course levels target scalable market segments.
- **Visibility and Lead Generation:** High-profile acceptance at Arsenal and Defcon acts as premier marketing, demonstrating cutting-edge offensive capabilities, which directly feeds consulting and enterprise service contracts.
- **Partnerships:** Highlighting Paterva's Maltego course reinforces strategic relationships valuable for joint service offerings.
### For Competitors
- **Training:** Competitors in the application security and penetration testing training space (e.g., specialized bootcamps) face pressure to match the depth and recognized maturity (15 years) of SensePost's offerings.
- **Tooling:** The release of autoDANE and DET sets a benchmark for practical, offensive tool development shared publicly, potentially accelerating defensive countermeasures development against those techniques.
### For Customers
- **Training:** Customers gain access to mature, tested instructional content covering essential modern attack vectors (Mobile, Web Apps) and advanced AD exploitation.
- **Enterprise Risk:** Enterprises face increased risk exposure as cutting-edge exploitation methods (like those in autoDANE) become publicly known, necessitating immediate adoption of updated defense strategies informed by SensePost’s research.
### For the Market
- **Tool Development Focus:** The focus on Active Directory exploitation (autoDANE) and covert data exfiltration (DET) signals these areas as critical gaps currently being leveraged by advanced adversaries.
- **Defensive Urgency:** The Defcon talk on USB security emphasizes that even "air-gapped" security models are vulnerable through overlooked physical/hardware channels, pushing organizations to re-evaluate perimeter definitions.
## Technical Implications
- **autoDANE:** Indicates ongoing automation advancements in post-exploitation phases, specifically lateral movement within domain environments, suggesting attackers are relying less on manual command execution.
- **DET:** Highlights the continued importance of covering diverse egress points beyond standard network configurations for effective data theft prevention.
- **USB Attacks:** The research points toward advanced techniques involving device firmware manipulation or novel HID-based attacks to achieve remote or persistent host control without relying on TCP/IP connectivity.
## Strategic Analysis
- **Market Positioning:** SensePost solidifies its position as a thought leader at the intersection of deep technical research, elite training, and practical offensive tool engineering.
- **Competitive Advantage:** Their sustained presence and content release at both Arsenal (tooling) and Defcon (vulnerability research) create an integrated feedback loop: research informs tools, tools inform training, enhancing credibility across all three areas.
- **Challenges:** The company faces the challenge of maintaining the edge in its training and tool releases given the rapid pace of disclosure following major conference events. Releasing potent attack tools also carries a reputational risk if not framed properly within the security disclosure context.
## Industry Reactions
- **Analyst Opinions:** Analysts would likely view this as a standard, high-impact industry event, confirming SensePost's continued relevance in the advanced pentesting and red-teaming education sector.
- **Expert Commentary:** Peers would focus on the specific utility and novelty of the autoDANE and DET tool releases, assessing the operational impact of the USB security findings.
- **Market Response:** Demand for the associated training courses, particularly the "Black Ops" and "Mobile Application" bootcamps, is expected to spike immediately following the event disclosures.
## Future Outlook
- **Predictions:** Expect a surge in vendor offerings focused on improving telemetry within Windows Active Directory environments to detect autoDANE-like automated lateral movement.
- **What to watch for:** The actual Defcon presentation will be crucial for understanding the practical implementation of the air-gapped USB attack, which could drive new hardware security procurement standards.
## For Security Professionals
Professionals must budget for SensePost’s advanced training tracks to keep skills current, particularly concerning AD security automation. Furthermore, practitioners responsible for endpoint and physical security must study the announced USB research to harden critical systems, paying close attention to hardware integrity beyond standard network hygiene.