Free call

MCTTP

2. October 2024

MCTTP 2024 Review

The MCTTP – MUNICH CYBER TACTICS, TECHNIQUES AND PROCEDURES 2024 took place last week (17.09-19.09.2024) at Motorworld in Munich. Once again, numerous speakers applied for the coveted slots at the conference and only the best were selected. Speakers were flown in from all over the world, including countries such as America, Pakistan, Brazil, etc. World-renowned experts such as Sean Metcalf and Oddvar Moe, who usually speak at Blackhat in Las Vegas, also gave talks at our event.

The MCTTP therefore not only offered in-depth insights into current challenges, but also practical solutions presented by world-leading experts. In this blog post, we take a closer look at the focal points, objectives, highlights and workshops of the event.

Overview & Highlights

The event began with a training day on which specific topics were dealt with in depth in small groups. Our Managing Director Florian Hansemann held the workshop “Windows Domain Analysis with Bloodhound”. After plenty of input and exciting exchanges, the two-day conference followed, which was divided into two different tracks:

  • Offensive Track: This track was primarily aimed at technical experts in companies and topics such as bypassing endpoint detection and response solutions, C2 frameworks and IT security through group policies were discussed and analyzed.
  • Corporate Defense Track: This track, on the other hand, dealt with topics such as dealing with crises, vulnerability management and approaches to incident management and was aimed at the C-level in companies (CIO, CTO, CISO, etc.).

The overarching aim of the event was to support all those responsible for cyber security, i.e. technical security officers and managers alike, to engage in dialogue, develop proactive measures and create resilient, future-proof cyber security infrastructures in their companies.

Day 1: Workshops

The following workshops were offered on the first day:

Windows domain analysis with Bloodhound: The vulnerabilities with the greatest risk in companies often lie in incorrect configuration or problems with the authorization of Active Directory. For this reason, our managing director Florian Hansemann trained all participants in the analysis of vulnerabilities in Active Directory using the Bloodhound tool.

Masterclass – Cybercrime, NIS2 & Cyber Resilience Act: In 2024, hackers will have switched the mode of attack to AI. In order to respond to this development in the best possible way, Dr. Marc Maisch, Christoph Callewaert and Stefan Hessel offered participants the opportunity to exchange ideas with experts on the topic and provided them with important practical knowledge for overcoming the new challenges.

Cybersecurity Masterclass: In four different training sessions, the individual aspects of a company’s cybersecurity infrastructure were examined:

  • In their training course“Emergency management for SMEs“, Florian Oelmaier and Falko Weiß worked with their participants to develop a framework for preventative emergency and crisis management in IT.
  • Supply Chain Security & Software Development: Arthur Naefe, Stefan Fleckenstein and Johannes Geiger showed participants how they can effectively ward off the ever-increasing threat of attacks on the supply chain.
  • Ransomware attacks continue to pose a constant threat to companies. For this reason, Arthur Naefe taught the participants in his training course“Ransomware IT Forensics” how the tools used work and how to recognize on a computer where the attack started.
  • An action plan is essential to effectively ensure cyber security in a company. With the support of Florian Oelmaier and Falko Weiß, the participants of the“100-Day Hands on IT Security” training course developed their own 100-day plan to introduce the most important technical and organizational IT security measures.

Day 2 & 3: Lectures

Both days were introduced with a keynote speech by internationally renowned speakers.

Florian Hansemann spoke about the value of the cyber security community, how people help each other to move forward together and face the challenges of the cyber world.

Julian Nida-Rümelin spoke about AI as a breakthrough new technology that could usher in a new era.

The days were characterized by fascinating presentations from the most diverse areas of IT security, with a particular focus on the latest developments and most innovative technologies. Some presentations in particular stood out due to their excitement and high entertainment value and left a lasting impression:

  • Outlook as C2: Oddvar Moe presented how he developed the world-famous Outlook email program into a fully functional C2 framework using a simple setting and has been using it in his penetration tests for years.
  • Digital ID card: The digital ID card has been available in Poland for some time now. Szymon Chadam found various worrying problems and weaknesses in the cell phone app after its introduction, which he reported on in his presentation.
  • Obfuscation in the command line: Anyone who has to deal with PowerShell or Bash during penetration tests knows that security programs examine the commands entered and generate an alarm in the event of suspicious behavior. In his shocking presentation, Wietze Beukema showed a variety of ways to circumvent these security programs by simply modifying the suspicious commands.
  • Dealing with chaos: An IT security incident always brings with it many challenges, from outages to loss of data and money. In her presentation, Hila Fish discussed proactive ways to deal with these incidents and shared the best practices that she herself has finalized over the past few years.
  • Challenges facing cybersecurity providers: Products, services and integrated solutions – the market for cybersecurity is growing every day, but how can you maintain an overview? Philipp Pelkmann spoke about aspects that can be used to identify the right products for your own company.
  • The AI elections: In times of AI, new technologies are increasingly influencing public opinion and sentiment. For this reason, Jonas Mayer, Martin Förtsch and Thomas Endres used a series of live presentations to demonstrate the various possibilities of AI in order to create a better understanding.

Day 3 ended with a final keynote speech by the world’s most famous lawyer, Max Schrems. Through his lawsuits against corporations such as Facebook or agreements between the EU and the USA, he was able to protect the privacy of EU citizens at the European Court of Justice. In his presentation, he talked about the latest developments in his efforts and addressed the importance of data protection in the digital age.

The MCTTP Cybersecurity Conference not only provided exciting presentations and the latest findings in the field of IT security, but also catered for the physical well-being of the participants. Between sessions, there was a wide range of delicious food and refreshing drinks to create a pleasant atmosphere. In addition, special areas offered the opportunity to relax, make new contacts or play games in a cozy atmosphere – a perfect mix of networking and entertainment that livened up the conference day.

Networking

The MCTTP naturally offers numerous opportunities for networking, where participants can make valuable contacts in a relaxed atmosphere. Such networking events enable the exchange of expertise, the initiation of collaborations and the sharing of best practices. By actively reaching out to others, discovering common interests and staying in touch, lasting professional relationships can be built that can be useful far beyond the conference.

The discussions with internationally recognized experts such as Oddvar Moe, Emeric Nasi and Sean Metcalf make the MCTTP a unique event every year.

At the end of the second day, there was a guided tour of Motorworld. Afterwards, a multi-course dinner was served in the famous “Motorworld Inn”. There was a separate dish for each preference.

Conclusion

The MCTTP was once again a complete success, with many speakers praising the organizers for the good organization and the great location in the heart of Motorworld. That’s why the next MCTTP is already being planned for September 17-19, 2025, so anyone who doesn’t want to miss this event again or would like to participate again is cordially invited to pre-register for next year!

Many thanks to the great speakers and participants who make the MCTTP so successful. See you in Munich!

You are currently viewing a placeholder content from Facebook. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.

More Information
Unblock content Accept required service and unblock content

Similar posts

Live Hack: GO Business

  “Who owns my data?” On 29.06.2017, a series of lectures on the above topic was held at the entrepreneurial [...]

Read more

13. July 2017

UK – German Cyber-Security Forum

UK – German Cyber-Security Forum On 26.07.2017, the second Cyber-Security Forum of the British Consulate and the Munich Security Network [...]

Weiterlesen

30. July 2017

Offensive Security Certified Professional Experience / OSCP Review

Today I would like to share my experience with OSCP from the guys at Offensive Security. Why OSCP? There are [...]

Read more

11. August 2017

Florian Hansemann as expert at the IHK Munich

On 27.02.2018 between 1 and 4 p.m., the Munich Chamber of Commerce and Industry is offering a roundtable discussion for [...]

Weiterlesen

7. February 2018