Trust in Tech – August

Join us for our next event on the 30th August

Talk1 : Using the “bloodhound” for good and evil

Mature companies rate their information and the systems storing this information. I guess everyone agrees that a Domain Controller has a higher criticality (CIA) than a small system hosting a cantina food-plan webserver. But what if an attacker is able to get from this uncritical system to the domain controller in just a few hops using lateral movement and targeted mimikatz to scratch passwords from memory? Also would you solve a vulnerability faster if you would better understand this risk? Within this talk I will show you how to visualise this risk with the tool Bloodhound and how Red Teamers can exploit this knowledge.

 

Speaker : Stefan Molls

Stefan Molls is Director of Technical Account Management at Tanium, a software framework specialised in managing and securing large enterprise environments. Before joining Tanium he worked at companies like ThyssenKrupp and Siemens were he specialised in Information Security, Incident Response, Forensics and Red Team assessments. If Stefan is not in front of his computer he loves to do martial arts like TaeKwonDo or Boxing.

 

Talk2 : Managing Team Secrets Effectively

People did a great job in making our deployments secure. We already use automated and secured build pipelines and our Clusters and VMs are locked in.   But there is another integral part which often does not get the appropriate attention: the local developer workflow. Whenever we integrate with 3rd Party APIs or multiple services, credentials of any form are necessary. Surely saving these passwords in plaintext inside a github repository won’t fit the purpose. But would an on premise hosted wiki be safe enough? Or passing around a sticky note with a handwritten password on it?   Any secret that’s ever written to disk or on paper is another attack vector. Not just on production servers or continuous integration, but especially in the developer workflow. If your unencrypted laptop gets stolen or your private source code repository appears to be not so private after all, you’d hope your project’s secrets wouldn’t be compromised.   In this hands-on talk I will show the way we approached this challenge in real world projects using a few simple and automation friendly commandline tools.

 

Speaker : Jakob Holderbaum

As a Freelance Consultant and Developer, I help customers on site to transform towards an agile approach to Software / Hardware Development. By working together with the existing product team, I can focus on building capabilities in the team while working together on delivering value continuously.

 

 

 

Cologne is be the place to be, the exact Location will be announced soon…

Sende eine Antwort zu „Trust in Tech – August“

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

© 2018 Trust in Tech