It's hard to describe to people that you get paid to hunt and exploit vulnerabilities for a living. People generally associate work with building or supporting stuff. Vulnerability research is quite the opposite. It is all about breaking stuff. So, when it comes to explaining to people that you're paid to come up with unique and innovative ways break into systems for a living, the conversation generally goes something very similar to this:

This holiday weekend, in2securITy is thrilled to debut on its first New Zealand owned, operated and hosted server - thanks to our very own 'knight-with-rack-mounted-virtual-machines'.

Having heard about in2securITy and what we are trying to do, Greg, Chris and their team at Where's My Server? have kindly offered to host our tiny online empire right here in New Zealand.

I hope you will join us all in saying a massive thank you to them. It's great to have their support!

Following on from our recent links to the free courses offered by Stanford University. We received notification of more amazing free university level courses - this time from the Open University in the UK.

Intro to InfoSec (Estimated length - 55 hours)

Network Security (Estimated length - 25 hours)

I'm a software developer. Sure, I'm involved with security, and I spend more time on processes than code these days, but what I care about most is making software. For me, security is fundamental, because if someone pwns my code it's my mistake and my pride is on the line. And of course it's fun, I love the ingenuity of the attacks and the challenge of defending against them.

Wow, it's been a busy few weeks here at in2securITy HQ. Really starting to get a feel for how much demand is out there for IT security foundations and how much creative thinking is going on around the issue.

In business they would call this expectation management.

Every tool or technique we cover will have the prefix [TOOL] or [TECHNIQUE] in the title. For post will also include some hands on tasks you can complete to get familiar with a particular subject.

For some tools and techniques there are excellent tutorials, videos and guides already online – it can just be a real pain to find them.

There is no point in us rewriting the Internet so where there are good existing tutorials they will be featured as part of our tool guides (appropriately sourced and linked of course).

As promised, the time has come to get stuck into some actual hands on skills.

So first up – it’s time to get your kit in order.

To get down and dirty with most of the tools and techniques suggested and explained through the Penetration Testing blog (and in fact most of the others when you think about it), you need the right base from which to work.

It is our absolute pleasure to announce that in2securITy have become the proud recipients of a grant from InternetNZ.

For those who may not be aware of this awesome organisation, InternetNZ (Internet New Zealand Inc.) is a non-profit open membership organisation dedicated to protecting and promoting the Internet in New Zealand and fostering a coordinated, cooperative approach to its ongoing development.

Thursday 15th March saw 15 security folk from all walks of life join together in an evening of drinks, discussion and cheesy potato wedges.

Both participants and professionals alike were there, sharing war stories, asking questions and enjoying the last of the warm autumn evenings at the Empire Tavern's Garden Bar.

A big thanks to all of those who came along. It was a great night and I hope to see even more of the community for our next events and socials.

Now I've been around the block so many times - I'm beginning to give pet-names to the cracks in the footpath here.

And the one thing that I've seen as I've sauntered along - over and over again - is sec techs getting all uber-frustrated, and bitter 'n twisted 'cause senior management just won't part with some long green when it comes to ... gasp! ... security?

Such situations most often occur as the result of either this internally- or externally-generated report clearly demonstrating that a visually-impaired driver in a truck 'n trailer unit could find their way through the firewall.