Full Report
The Black Hat Briefings is arguably the most significant technical security conference in the world. It takes every year in Las Vegas and also includes a series of diverse technical training courses. For the sixth time this year SensePost will be presenting a series of courses from our ‘Hacking By Numbers’ range at the briefings. There are a number of courses catered for most levels of technical experience, starting with ‘Cadet Edition’ for novices and ending with ‘Combat’ for expert level hackers.
Analysis Summary
# Industry News: SensePost Deepens Training Portfolio at Black Hat 2007
## Summary
SensePost announced the return of its "Hacking By Numbers" training series for the sixth consecutive year at the prestigious Black Hat Briefings in Las Vegas, featuring significant content updates across its curriculum tailored for all experience levels. The courses emphasize current industry threats and incorporate free distribution and hands-on training for SensePost's proprietary security tools, reflecting an investment in practical application for attendees.
## Key Details
- **Date:** Published July 03, 2007 (Referring to the 2007 conference)
- **Companies Involved:** SensePost, Black Hat Briefings (Host/Venue)
- **Category:** Product/Service Update (Training Content Refresh)
## The Story
SensePost is leveraging the high-profile platform of the Black Hat Briefings to deliver its technical training portfolio. The training, ranging from the novice "Cadet Edition" to expert-level "Combat," has been substantially updated to reflect the latest industry thinking and security challenges. Key enhancements include integrating the newest versions of tools like Wikto, Aura, and BidiBlah, and updating advanced courses (like Bootcamp) to cover current platforms such as Metasploit 3.0 and Nessus 3.0.6. A notable incentive is providing students with free versions of all SensePost tools they utilize during training.
## Business Impact
### For the Companies Involved
- **SensePost:** Reinforces its position as a leading provider of high-level, practical security training, driving expertise into the market and promoting its tool ecosystem. It acts as a major marketing vehicle for their services and proprietary software.
### For Competitors
- **Training Providers:** Sets a high bar for content relevance and tool integration. Competitors must ensure their own Black Hat offerings match the specificity and currency of SensePost's technical depth, particularly regarding proprietary tool usage.
### For Customers
- **Attendees:** Gain access to cutting-edge, practical knowledge on web application security (Ajax hacking, SQL truncation) and penetration testing methodologies, directly applicable to hardening their enterprise defenses. The inclusion of free tools lowers the barrier to continued practice post-conference.
### For the Market
- **Skill Development:** Highlights the market demand for highly specialized, timely training in the face of evolving threats, pushing the overall quality standard for security education upwards, particularly in the web application space.
## Technical Implications
The updates demonstrate a focus on cutting-edge exploitation techniques:
* **Combat Course:** Features new labs on **Ajax hacking** and **SQL truncation**, signaling these technologies (prevalent in Web 2.0 applications) are becoming critical attack surfaces requiring expert defense.
* **Bootcamp Course:** Explicitly incorporating **Metasploit 3.0** confirms the industry’s reliance on this framework for systematic vulnerability validation.
## Strategic Analysis
- **Market Positioning:** SensePost solidifies its prestige pedigree by consistently aligning its training with the most advanced topics discussed at the world's top technical conference.
- **Competitive Advantage:** The bundled offering of free, production-ready tools provides a tangible, immediate value proposition that goes beyond mere theoretical instruction.
- **Challenges:** Maintaining the currency of the content year-over-year requires significant R&D investment, which must be sustained to keep pace with rapidly changing security landscapes.
## Industry Reactions
- **Analyst Opinions:** Analysts likely view this as a benchmark offering. High-quality training at Black Hat is crucial for establishing thought leadership, and SensePost’s longevity in this space suggests strong market acceptance of their focused, hands-on methodology.
- **Market Response:** High demand is expected, especially for expert-level slots, given the explicit inclusion of updates for widely used penetration testing platforms.
## Future Outlook
- **Predictions and expectations:** Future SensePost offerings will likely expand deeper into newer application architectures (e.g., APIs, microservices, if the industry trend continues) and emerging attack vectors that replace the ones being covered now.
- **What to watch for:** Monitoring which other training providers begin bundling their proprietary tools for free to match SensePost’s value proposition.
## For Security Professionals
These courses offer practitioners a direct channel to skill-up on the latest exploitation techniques and defense practices against contemporary web application vulnerabilities, ensuring their knowledge doesn't lag behind threat actors. The opportunity to gain hands-on experience with SensePost’s proprietary tool suite is a significant professional asset.