IBM Talk, the first
Our managing director Florian Hansemann was allowed to participate in a Christmas special at the IBM headquarters on 07.12.2021. All presentations revolved around the topic of SOC & SIEM or QRadar. Only our presentation stood out a little bit, as we were the only speech teamer who was allowed to look at the other […]
First radio post: Fake vaccination cards
On 02.11.2021 I was allowed to give a short contribution on Deutsche Welle on the topic of falsified vaccination cards. Because the topic was covered very extensively in the Eastern European region, only the Russian-speaking section of the station dealt with it. So do not be surprised that […]
Top Security QuickFails: #5 Attack of the CloneAdmins aka Missing LAPS
The attack: At FaulerHund AG in Munich, the employees are starting a new business year and are looking forward to new challenges. So is the administrator Karl KannNixDafür, who noticed on Thursday noon around 12:30 that the account of Ute Unbeschwert was still logged in, although she […]
Top Security QuickFails: #4 No SPF
Half past six in the morning in Germany. Bianca at MedienBude GmbH starts her workday by checking her e-mail inbox.
There she finds an urgent email from her boss asking her to check the last statement.
Top Security QuickFails: #3 The “invisible” network shares
The attack: It’s Wednesday morning, the sun is shining and all ImmerGrün AG employees are looking forward to the summer party in the afternoon. Beate from the HR department wanted to have a look at some applications from the previous day and was surprised that many documents suddenly required macros to […]
Top Security QuickFails: #2 Domain Admins Everywhere
The attack: It is a Monday morning and Kevin Vielzutun starts his monthly server check in the network, because he is one of 3 administrators of Fahrlässig GmbH with about 100 employees. To save time and thus work more efficiently, Kevin performs these checks as usual with his Domain Admin account, […]
Top Security QuickFails: #1 Office Macros
#1 Standard Office Macros Settings. The attack: Our employee of the month Peter Lustig receives an e-mail from his supplier SuperSchnell GmbH, who has attached a corrected order in an Excel sheet. Of course, the Excel sheet was protected with a password, because the data protection regulation strictly prohibits anything […]
Top Security QuickFails
The backstory: In recent years, we have conducted an extremely large number of penetration tests at companies of all sizes and in all industries (from small law firms with 3 employees, to power plants, to banks and insurance companies with several thousand employees). This blog series highlights a selection of attack vectors, at least one […]
Best of the World in Security: Keynote Speaker
When I was asked to be a speaker for a ‘special’ conference some time ago, my first thought was fake/spam/scam or something else. The title and scope of the event sounded completely absurd, which is why I initially asked around in my network to find out that this was not a fake… So I agreed to […]
Cooperation: Corporate Trust & HanseSecure
We are pleased to introduce our colleagues from “Corporate Trust Business Risk & Crisis Management GmbH” as our first technical partner since 26.04.2021. Here is a brief presentation of our new colleagues. Corporate Trust: Corporate Trust is your strategic partner in risk and crisis management. As a management consultancy for security services, we support companies, organizations […]