SensepostInterview

From Security Weekly Wiki

Introduction

We are very excited to talk to some of the folks at Sensepost. In this interview we will be talking to:

  • Charl van der Walt - Director of Service Delivery
  • Haroon Meer - Technical Director
  • Marco Slaviero - Senior Security Analyst (and author of Squeeza)

Resources

Free Tools From Sensepost - Bidiblah, Squeeza, Wikto, and more!

More tools from Sensepost! - BILE is great!

"It's All About Timing" - Blackhat USA 2007 presentation - Don't forget to check out the associated whitepaper and the tool "Squeeza".

Penetration Tester's Open Source Toolkit

Question Outline

  • Could each of you introduce yourself and describe how you got into the information security field?
  • Who is Sensepost and what do you do?
  • You have an impressive array of tools and products available on your web site; let's talk about a few:
    • Bidiblah
    • Wikto
    • Aura
    • BILE
    • Others you want to mention aside from Squeeza?
  • Let's talk about Squeeza, which was released this summer at BH 2007. Explain the concept behind timing attacks and how it relates to web application hacking.
  • What is the most severe threat to web applications today (aside from your pen test team)?
  • What can organizations do to protect themselves and their web applications?
  • Most interesting story from a pen test that you can talk about?
  • What do you think of the most recent iPhone hacking work done by HD Moore and how would you incorporate that into your testing? Recommendations for defense?
  • If Marco and Jeremiah Grossman had a contest to see who could hack into the most web applications, who would win?