{"id":257,"date":"2018-08-10T08:46:46","date_gmt":"2018-08-10T06:46:46","guid":{"rendered":"http:\/\/trustintech.eu\/?p=257"},"modified":"2018-08-19T17:14:43","modified_gmt":"2018-08-19T15:14:43","slug":"trust-in-tech-august","status":"publish","type":"post","link":"https:\/\/trustintech.eu\/index.php\/2018\/08\/10\/trust-in-tech-august\/","title":{"rendered":"Trust in Tech – August"},"content":{"rendered":"

Join us for our next event on the 30th August<\/strong><\/span><\/h1>\n

Talk1 : Using the \u201cbloodhound\u201d for good and evil<\/span><\/h3>\n

Mature companies rate their information and the systems storing this information. I guess everyone agrees that a Domain Controller has a higher criticality (CIA) than a small system hosting a cantina food-plan webserver. But what if an attacker is able to get from this uncritical system to the domain controller in just a few hops using lateral movement and targeted mimikatz to scratch passwords from memory? Also would you solve a vulnerability faster if you would better understand this risk?\u00a0Within this talk I will show you how to visualise this risk with the tool Bloodhound and how Red Teamers can exploit this knowledge.<\/p>\n

 <\/p>\n

Speaker : Stefan Molls<\/span><\/h3>\n

Stefan Molls is Director of Technical Account Management at Tanium, a software framework specialised in managing and securing large enterprise environments. Before joining Tanium he worked at companies like ThyssenKrupp and Siemens were he specialised in Information Security, Incident Response, Forensics and Red Team assessments. If Stefan is not in front of his computer he loves to do martial arts like TaeKwonDo or Boxing.<\/p>\n

\"\"<\/p>\n

 <\/p>\n

Talk2 :\u00a0Managing Team Secrets Effectively<\/span><\/h3>\n

People did a great job in making our deployments secure. We already use automated and secured build pipelines and our Clusters and VMs are locked in. \u00a0 But there is another integral part which often does not get the appropriate attention: the local developer workflow. Whenever we integrate with 3rd Party APIs or multiple services, credentials of any form are necessary. Surely saving these passwords in plaintext inside a github repository won\u2019t fit the purpose. But would an on premise hosted wiki be safe enough? Or passing around a sticky note with a handwritten password on it? \u00a0 Any secret that\u2019s ever written to disk or on paper is another attack vector. Not just on production servers or continuous integration, but especially in the developer workflow. If your unencrypted laptop gets stolen or your private source code repository appears to be not so private after all, you\u2019d hope your project\u2019s secrets wouldn\u2019t be compromised. \u00a0 In this hands-on talk I will show the way we approached this challenge in real world projects using a few simple and automation friendly commandline tools.<\/p>\n

 <\/p>\n

Speaker : Jakob Holderbaum<\/span><\/h3>\n

As a Freelance Consultant and Developer, I help customers on site to transform towards an agile approach to Software \/ Hardware Development. By working together with the existing product team, I can focus on building capabilities in the team while working together on delivering value continuously.<\/p>\n

 <\/p>\n

\"\"<\/p>\n

 <\/p>\n

 <\/p>\n

Cologne is be the place to be, the exact Location will be announced soon…<\/p>\n

\"\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Join us for our next event on the 30th August Talk1 : Using the \u201cbloodhound\u201d for good and evil Mature companies rate their information and the systems storing this information. I guess everyone agrees that a Domain Controller has a higher criticality (CIA) than a small system hosting a cantina food-plan webserver. But what if […] <\/p>\n

Weiterlesen …<\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1,3],"tags":[],"_links":{"self":[{"href":"https:\/\/trustintech.eu\/index.php\/wp-json\/wp\/v2\/posts\/257"}],"collection":[{"href":"https:\/\/trustintech.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trustintech.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trustintech.eu\/index.php\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/trustintech.eu\/index.php\/wp-json\/wp\/v2\/comments?post=257"}],"version-history":[{"count":16,"href":"https:\/\/trustintech.eu\/index.php\/wp-json\/wp\/v2\/posts\/257\/revisions"}],"predecessor-version":[{"id":287,"href":"https:\/\/trustintech.eu\/index.php\/wp-json\/wp\/v2\/posts\/257\/revisions\/287"}],"wp:attachment":[{"href":"https:\/\/trustintech.eu\/index.php\/wp-json\/wp\/v2\/media?parent=257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trustintech.eu\/index.php\/wp-json\/wp\/v2\/categories?post=257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trustintech.eu\/index.php\/wp-json\/wp\/v2\/tags?post=257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}