Registrations for this years in2securITy national tour are coming in strong, with Wellington and Hamilton fighting for the coveted top spot. Thanks to all those who have registered so far!

Massive thanks also need to go out to Microsoft who have kindly offered the use of their Viaduct Harbour office in Auckland for the 22nd September event!

So to business - we have seats to fill and classes to teach.

With this in mind and to help raise awareness and beautify coffee rooms and corridors across New Zealand. The in2securITy team have put together a tour poster.

Please download, print and distribute.

A PDF version can be found here or can be requested by emailing info@in2security.org.nz.

Okay, okay!

It's been far too long since I contributed! And: I know, I know, here's me hassling loadsa people in the community about not contributing ... then so not done it myself. For months!!!

Must be an age thing. Or might be an age thing ... I can't remember which!

Anyways, here (at least) is one new blog entry.

I thought I'd cover off the thorny issue of 'selling' a security policy to that 'C-level' person in your organisation.

Sometimes you may need to group your target hosts. This could be because you have multiple clients or just because you wish to group them by some other characteristic such as service profile, geographic location or sensitivity.

To help with this, metasploit has the concept of workspaces. A workspace is a logical grouping - almost like having a seperate database for a group of hosts. You can have a number of workspaces in action on one metasploit instance.

So you've got your big unknown network, you can see the blinking lights on your switch or router flashing away indicating the huge amounts of traffic zipping it's way from host to host and you want to know what that traffic is...

Then tcpdump is the tool for you!

Location: The University of Auckland Business School
Owen G Glenn Building, 12 Grafton Road, Auckland
Date: Friday 31st August 2012
Registration Closing Date: 20th August 2012 (places are limited though so don't leave it too late)
Time: TBC

Details

Today we are proud to announce the fourth annual OWASP New Zealand Day
conference, to be held at the University of Auckland on Friday August
31st, 2012. OWASP New Zealand Day is a one-day conference dedicated to

Penetration testers often find themselves in the position where they are testing multiple hosts or groups of hosts at the same time. When you factor in how many services, vulnerabilities and scan results associated with each of these, you quickly start to realise that organising your findings and work is no longer a nice to have - it's essential.

The development team behind metasploit are pretty savvy and have provided a wealth of features to help you get your stuff in order.

Just a quick post to advertise our new mailing lists!

The team at in2securITy have been trying hard to make our communications a little more consistent and easy to manage. These mailing lists are part of that work.

There are two lists:

announce@lists.in2security.org.nz

This list will replace our previous informal mailing list system and become the default way to get news about upcoming events, competitions and to share newsletters.

discussion@lists.in2security.org.nz

This is a discussion list to allow community debate and questions.

During the information gathering stage of a penetration test, the key is to gather as much information about the target as possible before you begin to actively engage with the person or organisation in question.

Almost all commercial document creation and publishing tools embed additional information into files when they are saved. These details include both technical and non-technical information about the tool, the computer it was used on and the document itself.

The team here at in2securITy HQ are thrilled to announce that we now have now fully launched phase 1 of our mentoring scheme. Thirty-two people (sixteen proteges and sixteen mentors) are now starting to build their mentoring relationships.

For many of you involved or considering joining the scheme, mentoring is a brave new world. To help everyone start off safely and confidently, we held a live streamed Introduction to Mentoring session.

The video for this session is now up on the in2securITy YouTube channel.