And Five Talks More Were Accepted at TROOPERS19!

And five talks more were chosen for TROOPERS19! It sounds like it is going to be the best year ever again…

Follow us on Twitter (@WEareTROOPERS) for more information and do not hesitate to use our hashtag #TR19 when you have questions or remarks about TROOPERS19!



Not A Security Boundary: Breaking Forest Trusts by Will Schroeder, Lee Christensen

Presenting at the Active Directory Security Track


For years, Microsoft has stated that the forest is the security boundary in Active Directory. Many organizations have built their Active Directory trust architectures with this in mind, trusting that the compromise of one forest cannot be leveraged to compromise a foreign forest. However, we have discovered that this is not the case. The forest is no longer a security boundary.

By combining a legacy printer protocol “feature” with several architectural flaws in Active Directory, the compromise of one forest can be leveraged to compromise a foreign forest and all resources within it. We will deep dive into the architectural components that enable this trust violation, demonstrate a fully weaponized attack with available tools, and provide complete mitigation/detection guidance.


Will Schroeder and Lee Christensen are offensive engineers and red teamers for SpecterOps. Will is the co-founder of various offensive projects including the Veil-Framework, Empire, GhostPack, and BloodHound. He has presented at a number of industry conferences including ShmooCon, BlackHat, DEF CON, Troopers, DerbyCon, BlueHat Israel, and more.

Lee enjoys building tools to support red team and hunt operations and is the author of several offensive tools and techniques, including Unmanaged PowerShell (incorporated into the Metasploit, Empire, and Cobalt Strike toolsets) and KeeThief.

Digital Forensics and Incident Response in G Suite by Megan Roddie

Presenting at Defence & Management


This talk uses a real-life case scenario to prepare attendees for responding to security incidents affecting G Suite users.


Megan Roddie is a security analyst with Recon InfoSec. With previous experience in the public sector and a current position in the private sector, she has a variety of experience in different types of environments. With a love for public speaking, she has spoken at DEFCON, BSides Dallas, SOURCEConf, and various other conferences. Megan recently graduated with a Masters’ degree in Digital Forensics and holds GCIH and GCFA certifications.

Automotive Penetration Testing with Scapy by Nils Weiss, Enrico Pozzobon

Presenting at Next Generation Internet


This talk will provide a general overview on how Scapy can be used for automotive penetration testing. All present features of Scapy for automotive penetration will be introduced and explained. Also, an overview of higher-level automotive protocols will be given.


Nils Weiss and Enrico Pozzobon are PhD students at the University of Applied Sciences in Regensburg. Both are focusing on automotive security research since more than 3 years. After an internship at Tesla Motors, Nils decided to focus on automotive security as a research field. During his bachelor and master program, he started with penetration testing of entire vehicles.

Enrico Pozzobon started with automotive security during his Erasmus semester at the University of Applied Sciences in Regensburg. He studied telecommunication engineering at the University of Padua. For 2 years, Nils and Enrico are building up a laboratory for automotive penetration testing at the University of Applied Sciences in Regensburg. Besides penetration testing of automotive systems, both are contributing to open source penetration testing frameworks for automotive systems (Scapy).

No more dumb hex! by Ange Albertini, Rafał Hirsz


Hex viewers and editors are useful, they “just work”, but they are very limited. This talk introduces new perspectives and tools for dissecting, visualizing and editing binary files.


Ange Albertini is a reverse Engineer, author of Corkami. Currently Security Engineer at Google.

Rafał Hirsz is a front-end software engineer by heart doing lots of random stuff all the time. Currently at Google.

You “try” to detect mimikatz by Vincent Le Toux

Presenting at the Active Directory Security Track


This is 2019 and you still “try” to detect mimikatz. “Try”, because after many years, this post exploitation tool continues to be successful.


Vincent Le Toux is working as a security guy in an energy utility. He is the CEO of My Smart Logon, a company specialized in smart cards ( and the author of Ping Castle – an Active Directory security tool ( He has also made many open source contributions such as mimikatz, OpenPGP, OpenSC, GIDS applet, etc. Finally, he already did presentations in security events, mainly BlackHat, FIRST and BlueHat.

Leave a Reply

Your email address will not be published. Required fields are marked *