Internships / Bootcamps
We ran two successful internships / bootcamps, this is an important part of our strategy to contribute towards developing / nurturing local information skills in South Africa. For additional information on the two bootcamps that we ran in the past two years, refer to:
From the bootcamps we ran, we ended up hiring 5 new staff members that joined our team and are now on their way to achieving great things both at Telspace and in the community (watch this space).
Those that did not make it with us, in most of the cases, ended up finding jobs at other info sec companies and / or corporates which is the exact reason we started the bootcamp, to filter more people in to the industry as a whole, not just specifically at Telspace. We also assisted those that could not find anywhere to be placed, by sending their CVs to some of our customers and / or other competitors. Below are some pictures of the bootcamp:
Talks and Research
Training - Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows
|Undercover hackers on their way to DEFCON China (no black hoody = no hacking going on here)|
|Epic artwork, epic venue! #HackerVibes|
|The actual venue where we were presenting but we totally missed the entrance and went on an adventure, thank goodness for Grifter!|
|Our names in lights O_O|
|A full house for all our classes with great interactions and learning!|
|Party time, and man was it a party x_X|
|Thanks to all the trainers, organisers, volunteers and everyone that made DEFCON China 1.0 possible <3|
Training – Ethical Hacking 101
|Some cool art work on Aviv Beach|
|Raul (left) and Manny (right), ready to present to the community|
|Packed house for the kick off of BSides TLV 2019|
|Aaaaaaaaaaaaaaaaaaaand guess where we are now, VEGAAAAAAS!|
|Students from one of our classes (the ones that wanted to be in the picture that is!).|
|#TheBadgeLife – we got to have them all (or at least some!).|
Back to the Motherland
|Jayson Street handing Dino the official DEF CON flag for the DC2711 Group|
|The official DC2711 sticker but more importantly, a coffeeeeee voucher :D|
|Some official swag :D|
|Dino and Manny with their fun faces on :P|
|The core GOON team for DC2711 – thank you again!|
We were also Gold Sponsors of BSides Cape Town 2019 and Amy’s talk was also accepted (this talk was first completed at DC2711)!
|On our way to BSides Cape Town!!!!!|
|Amy Manià giving her talk “Put words in my mouth” although we all know it as the “deep throat” talk.|
Amy’s talk is accessible online at https://www.youtube.com/watch?v=4R-g90lplco.
Research / Dropping them 0days
In 2019 and 2020 we discovered and reported on a number of vulnerabilities, some of the main ones being:
- QNAP - CVE-2019-7181 (https://www.qnap.com/en/security-advisory/nas-201905-09)
- phpList – CVE-2020-15072 & CVE-2020-15073 (https://blog.telspace.co.za/2020/07/phplist-cve-2020-15072-cve-2020-15073.html)
- Pi-hole Code Injection – CVE-2020-14971 (https://blog.telspace.co.za/2020/06/pi-hole-code-injection-cve-2020-14971.html)
We also released a tool called Travesty, which is a directory and file enumeration tool (post exploitation). This can be downloaded at https://github.com/telspacesystems/travesty .
For additional information on these and others we released / published this year refer to https://blog.telspace.co.za/
During DEF CON Safe Mode (DC28) Greg, Amy and Derek presented at the “War Story Bunker” event (Friday 7th August 2020), which was a pentesting story that caused a lot of big laughs and surprised faces – unfortunately these are not recorded for various reasons, but more information about DC28 can be found at https://www.defcon.org/html/defcon-safemode/dc-safemode-schedule.html .
Amy Mania also represented Telspace during a Woven Experiences podcast with Melissa Monnig, the interview can be listened to on Spotify at:
Throughout the year we also participated in other local and international conferences, round table events and provided comments on news stories in the media.
In closing, we would like to thank everyone who made our 2019/2020 so amazing, a huge thank you to our staff, clients, employees, friends and most importantly the local and international Information Security community.
We wish you all the best and a prosperous year for 2021.