This blogpost contains summaries of talks from this year’s TROOPERS19 Active Directory Security Track.
From Workstation to Domain Admin: Why Secure Administration Isn’t Secure and How to Fix It by Sean Metcalf
Active Directory is probably used in almost every corporation today to administer all kinds of Authorization, Authentication and Privileges. This means they are valuable targets for attackers, because once compromised they could do whatever they want. This would be the worst case scenario, right? Therefore securing AD is important and this year TROOPERS19 featured a whole track solely for AD Security.
Earlier this month I attended the Digital Medical Expertise & Applications (DMEA) 2019. The DMEA fair in Berlin (formerly conhIT) is the central platform for digital health care as it brings together companies of health IT, academic institutions, politics and healthcare delivery organizations in several format such as innovation hubs and talks during congress sessions as a part of the industry fair. I participated in a congress session about IT security in healthcare with a talk about medical device security and common security flaws in medical devices. Some of the aspects have also been covered in my talk at #TR19 .
As a follow-up of the very fruitful discussions between people from the car industry and medical device security folks in the IoT roundtable session from #TR19 I wanted to share my experiences and insights from the DMEA with you.
As promised in my previous post, I am back for an overview of the Troopers19 – Active Directory related talks… Videos have been published and it’s popcorn time… So if you are into stories about Kingdoms and Crown Jewels, grab your loved one [or a drink…] and turn the lights down low, ’cause tonight it’s “Troopers & Chill…”
Sadly, TROOPERS 19 is already over. I had great fun meeting all of you, helping you with your badge problems and seeing others hacking on their badges for example to get custom images on there.
With this year’s badge we wanted to give you something you can reuse after the conference, learn new things new build something on your own.
As promised in our talk Jeff and I would like to give you a short introduction into the badge internals. Along with this post we will release the source code for the badge firmware, the provisioning server and the schematics for the PCB.
When you are working in the area of mobile security, you sooner or later receive requests from clients asking you to test specific ‘Mobile Device Management’ (MDM) solutions which they (plan to) use, the corresponding mobile apps, as well as different environment setups and device policy sets.
The expectations are often high, not only for the MDM solutions ability to massively reduce the administrative workload of keeping track, updating and managing the often hundreds or thousands of devices within a company but also regarding the improvements towards the level of security that an MDM solution is regularly advertised to provide.
With this very blog post you are reading and a small series of future blog posts, I would like to provide some insight from my day-to-day practical experience with some of the most often used MDM solutions from a testers perspective.
When I got home last weekend after an awesome week at WEareTROOPERS, my 5yr old asked me what actually happened in Heidelberg…
I told him we were meeting with some people from all over the world to talk about computer security, and he asked me if it was “to stop the bad guys, like super-heroes?”. So I told him “yes, kind of…”, and he decided he would take his new Troopers T-Shirt to school on Monday to show his classmates. Kids are truly amazing… [<3 <3 <3]
But since you are not a kid anymore, I would like to take the opportunity of this blogpost to go into a bit more details and tell you what really happens at Troopers… I’ll skip on the technical for now (most probably will do another post once the recordings are made available), and in this post I would like to put the focus on the human side.