Registrations for this years in2securITy national tour are coming in strong, with Wellington and Hamilton fighting for the coveted top spot. Thanks to all those who have registered so far!
Massive thanks also need to go out to Microsoft who have kindly offered the use of their Viaduct Harbour office in Auckland for the 22nd September event!
So to business - we have seats to fill and classes to teach.
With this in mind and to help raise awareness and beautify coffee rooms and corridors across New Zealand. The in2securITy team have put together a tour poster.
Please download, print and distribute.
(Note: 09/07/2012- Date for Hamilton Event corrected - apologies for any confusion)
Ladies and Gentlemen
The in2securITy team are thrilled to announce our first ever national tour.
In2securITy and a host of professionals from all aspects of the IT security industry will be visiting 4 cities around New Zealand throughout August and September and delivering free full day programmes of talks and activities - all aimed at getting people interested in an IT security career.
Whether you are a student or already working and want to branch out into Security - everyone is welcome.
Registration for these events is now open!
Tour Dates 2012
Saturday 18th August 2012 - Hamilton
University of Waikato
(Closing Date - 31st July)
Saturday 8th September 2012 - Wellington
Victoria University of Wellington
(Closing Date - 21st August)
Saturday 15th September 2012 - Dunedin
University of Otago
(Closing Date - 31st August)
Saturday 22nd September 2012 - Auckland
Microsoft - Viaduct Harbour
(Closing Date - 8th September)
It's been far too long since I contributed! And: I know, I know, here's me hassling loadsa people in the community about not contributing ... then so not done it myself. For months!!!
Must be an age thing. Or might be an age thing ... I can't remember which!
Anyways, here (at least) is one new blog entry.
I thought I'd cover off the thorny issue of 'selling' a security policy to that 'C-level' person in your organisation.
Sometimes you may need to group your target hosts. This could be because you have multiple clients or just because you wish to group them by some other characteristic such as service profile, geographic location or sensitivity.
To help with this, metasploit has the concept of workspaces. A workspace is a logical grouping - almost like having a seperate database for a group of hosts. You can have a number of workspaces in action on one metasploit instance.
So you've got your big unknown network, you can see the blinking lights on your switch or router flashing away indicating the huge amounts of traffic zipping it's way from host to host and you want to know what that traffic is...
tcpdump is the tool for you!
On a switched network, to view all traffic on a link you may have to redirect traffic to your collection box using Cisco SPAN(or by using ARP poisoning).
Location: The University of Auckland Business School
Owen G Glenn Building, 12 Grafton Road, Auckland
Date: Friday 31st August 2012
Registration Closing Date: 20th August 2012 (places are limited though so don't leave it too late)
Today we are proud to announce the fourth annual OWASP New Zealand Day
conference, to be held at the University of Auckland on Friday August
31st, 2012. OWASP New Zealand Day is a one-day conference dedicated to
Penetration testers often find themselves in the position where they are testing multiple hosts or groups of hosts at the same time. When you factor in how many services, vulnerabilities and scan results associated with each of these, you quickly start to realise that organising your findings and work is no longer a nice to have - it's essential.
The development team behind metasploit are pretty savvy and have provided a wealth of features to help you get your stuff in order.
Just a quick post to advertise our new mailing lists!
The team at in2securITy have been trying hard to make our communications a little more consistent and easy to manage. These mailing lists are part of that work.
There are two lists:
This list will replace our previous informal mailing list system and become the default way to get news about upcoming events, competitions and to share newsletters.
This is a discussion list to allow community debate and questions.
During the information gathering stage of a penetration test, the key is to gather as much information about the target as possible before you begin to actively engage with the person or organisation in question.
Almost all commercial document creation and publishing tools embed additional information into files when they are saved. These details include both technical and non-technical information about the tool, the computer it was used on and the document itself.
The team here at in2securITy HQ are thrilled to announce that we now have now fully launched phase 1 of our mentoring scheme. Thirty-two people (sixteen proteges and sixteen mentors) are now starting to build their mentoring relationships.
For many of you involved or considering joining the scheme, mentoring is a brave new world. To help everyone start off safely and confidently, we held a live streamed Introduction to Mentoring session.
The video for this session is now up on the in2securITy YouTube channel.