Summer Project 2012-2013
Projects and placements for 2012-2013
in2securITy - Vulnerability Assessment
Company/Organisation: in2securITy
Type: Project
Location: Any New Zealand
Start Date: 15th January 2012
End Date: 15th February 2012
Description: Conduct a vulnerability assessment of the in2securITy site and present your findings to the team.
Project mentoring is provided.
Requirements: Knowledge of web applications, CMS systems and vulnerability assessment. Access to a suitable computer and internet connection from which to test. Good standard of written English.
Application Process: CV and Skype Interview
Insomnia Security - Distributed Password Cracking Platform
Company/Organisation: Insomnia Security
Type: Project
Location: Wellington or Auckland
Start Date: 17 Dec 2012 (preferred)
End Date: 5 weeks from start date
Description:
Insomnia wishes to build a distributed password cracking system, which allows flexible, easy and convenient access to password cracking hardware. This system will provide:
• A web interface to submit, monitor and retrieve password cracking jobs
• A scheduling engine which chunks, prioritises and distributes work units to compute nodes
• A cross platform worker agent which provides an abstracted interface to existing cracking software
• A selection of typical preconfigured password crack modes (dictionary, brute force, hybrid-mask bruteforce) with an indicator of estimated completion time and cost
• Ability to dynamically add and remove compute hardware
Additional Extra Features, time permitting
• Multi-tenant support (permitting the sharing of compute resource across organisations which trust each other enough to do so, but without immediate access to each other’s results in the web interface)
• Amazon EC2 GPU instance API integration, to permit a “spend this much money to make it go faster” UI
This system has had initial engineering and technology stack choices made, with a basic codebase existing for the web interface and worker agent components. The current system’s technology choices include:
• Python
• Python-django, dajax and twitter bootstrap for the web interface
• XMLRPC for agent communication
• Hashcat, oclHashcat for password cracking
• CPU and AMD Radeon 7970 GPU compute nodes
Requirements:
• Familiarity with Python
• Basic Linux and Windows systems experience (sufficient to wrangle GPU compute toolchains, drivers, etc.)
• Computer and internet connection
Application Process: CV and Interview (Wellington)
Xero - Vulnerability Assessment
Company/Organisation: Xero
Type: Placement
Location: Wellington CBD
Start Date: Flexible (Jan/Feb)
End Date: 4 weeks
Description:
Working with the Security Working Group at Xero as either a security software developer, or security consultant / penetration tester – guidance / mentoring and training will be given.
For students with a software engineering background:
• Analysis of an existing software solution
• Development of an open source security tool for ASP.NET MVC web applications
• Some integration of external information sources into our issue tracking system
For students with less software engineering in their background:
• Network and web application penetration testing (training will be given)
Requirements:
None – we will work with the candidate's current experience and desire for growth.
All equipment and software will be provided. The candidate may have some responsibility for OS tinkering and configuration.
Application Process: Brief CV/Cover Letter & Interview
NZ Registry Services - Choice of project
Company/Organisation: NZ Registry Services
Type: Placement
Location: Wellington
Start Date: Flexible (Jan/Feb)
End Date: TBC
Description:
Choice of one of the following projects:
* Analysis of WHOIS service abuse in the .nz namespace
* Review and test open-source web application firewalls for public sites
* IPv6 security analysis
Full briefs are available on demand - email info@in2securITy.org.nz for a copy.
Requirements:
TBC
Application Process: CV and Interview
InternetNZ - Android Update Research
Company/Organisation: InternetNZ
Type: Project or Placement
Location: Any New Zealand
Start Date: Flexible (Jan/Feb)
End Date: 4-6 weeks from start date
Description:
Android phones are typically not updated when new OS versions are released. People can't update their own Android phones as it is done by the Telco. This means that security holes fixed by later OS releases remain unpatched for people with older phone versions. The project is to look at a few security vulnerabilities that were patched in later OS releases but not for people with older versions: describe them, look at customer impact, and explore any options.
Requirements: N/A
* Computer and internet connection (if working remotely)
* Laptop if working on site
Application Process: CV
InternetNZ - In-site Malware Detection Tool Review
Company/Organisation: InternetNZ
Type: Project or Placement
Location: Any New Zealand
Start Date: Flexible (Jan/Feb)
End Date: 4-6 weeks from start date
Description:
Review free tools available to detect if a webpage is serving malware or has done so in the past 90 days. Describe how they work, their strengths and weaknesses, and recommend if any tool is clearly superior. An example of such a tool is Google Safe Browsing, e.g. http://google.com/safebrowsing/diagnostic?site=internetnz.net.nz
Requirements:
* Computer and internet connection (if working remotely)
* Laptop if working on site
Application Process: CV



