Input Validation - Crunchy on the Outside By Alex T
Submitted by Secure Software... on Thu, 07/06/2012 - 09:00
It seems that every category of security flaw lists "Input Validation" as one of the solutions. Check the OWASP Top Ten or the CWE/SANS Top 25. There is even a free software library from OWASP to do input validation, and functionality built into frameworks such as Apache Tapestry.
So, what is it, and why is it such a hot topic, even though there are libraries that solve it?
[Hack Yourself First] Part 3 - Defending against Pass-the-Hash by Mike H
Submitted by Network Defence on Tue, 05/06/2012 - 09:00
The original pass-the-hash technique has been known about since 1997, but in my experience its implications are not widely understood by network administrators.
Understand the pass-the-hash attack
This attack essentially means that an attacker who compromises a single internal host and obtains cached credentials can gain control of ANY other host provided it's reachable on port 139/445 on the network. The attack essentially works by authenticating with the NTLM hash and using PSEXEC to execute code on the remote machine.
[Event] Introduction to Mentoring - RSVP by 05/06/12
Submitted by In2Security on Wed, 30/05/2012 - 09:00
Location: Google Hangouts
Date: Thursday 7th June 2012
Time: 19:00 - 20:00 (NZT)
The mentoring scheme is officially underway!
However, before we match you all up with your perfect partner, we want to make sure that everyone has a firm grasp of what a mentoring programme involves and how to get the most out of it. To help make this learning process as quick, easy and flexible as possible we will be running a Google Hangout session on Thursday 7th June at 7pm NZT.
[Hack Yourself First] Finding and Fixing Common issues
Submitted by Network Defence on Mon, 28/05/2012 - 09:00
As much as we would like to believe that all of the issues we discover on our networks are new and exciting, the sad truth is that there are a number of issues that come up time and time again.
The quicker you learn how to fix and find them the better.
So, in no particular order - here is a list of the most common network issues and how to find/fix them.
Default passwords
[Newsletter] May 2012: Mentors, Mailing Lists and Multiple Choice
Submitted by Meta on Fri, 25/05/2012 - 09:07
This month has been yet another whirlwind of activity at in2securITy HQ.
Mentoring registration success
Thanks to all of you who applied to be part of the in2securITy mentoring scheme for 2012/13. We were thrilled to have so much interest, even attracting a cheeky application from Estonia.
The closing date for this phase of applications has now passed and the first phase of proteges and mentors will kick off in the next couple of weeks.
MYTH: The Golden Qualification – Vendor Certifications
Submitted by In2Security on Mon, 21/05/2012 - 22:31
If I had a dollar for every new specialist IT qualification that came onto the market claiming to be the ‘best and only’ way to become a security professional, I would be rich.
The IT security qualifications market is complex and rapidly expanding with products available for every possible specialisation.
For those new to the industry, or those looking to stand out in the recruitment market, the temptation is to collect these qualifications as a mark of status or ability.
Qualifications and Recruitment
[HACK YOURSELF FIRST] Part 1: Defending against basic attacks by Mike H
Submitted by Network Defence on Fri, 18/05/2012 - 09:00
In this article
Here is a list of tools we’ll be using:
- nmap (port scanning, service detection and versioning)
- medusa (bruteforce windows smb credentials, SSH and lots of others)
- metasploit (we are just going to use database support for building lists of services)
Background
[Tool] NMAP - Network Discovery and Mapping
Submitted by Penetration Testing on Fri, 11/05/2012 - 09:00
As a penetration tester, there are a few tools that are a must-have on every job. They may not seem glamorous but they are fundamental, especially in the reconnaissance stage of penetration testing.
NMAP (Network Mapper) is a free, open source network mapping tool by Fyodor and is still under active development today.
In this article we will introduce NMAP, how to use it and what to think about while learning its flags/options.
When in2securITy met Bruce
Submitted by Meta on Tue, 08/05/2012 - 09:00
Last week was quite possibly the most surreal (yet amazing) week in the brief history of in2securITy so far.
On Tuesday 1st May 2012, in2securITy were lucky enough to be given a presenting slot in the only free to attend/watch talk by Bruce Schneier in New Zealand!
[Event] Auckland Meet Up and Social (17/05/2012 : 18:30 onwards)
Submitted by In2Security on Fri, 04/05/2012 - 09:00
Location: The Empire, 137 Victoria Street West Freemans Bay 1010
Date: Thursday 17th May 2012
Time: 18:30pm – 20:30pm
Ladies and Gents, I am pleased to announce that Thursday 17th May 2012 is the next Auckland in2securITy social event.
Come along to The Empire (http://g.co/maps/5fq3p) from 18:30 for a drink (doesn't need to be alcoholic if that's not your thing) and get to know some of your fellow participants and professionals.
Everyone welcome and it's free to come along. All you need is spending money for drinks.



