Social engineering plays a role in almost every breach. In this deep dive into social engineering techniques, security experts Alexander and Erik will share their experience from investigations and red team assignments. This talk covers the latest phishing techniques, CEO scams, physical intrusions, vishing and many other social engineering vectors.
This session will focus on how to secure the modern Windows 10 desktop through both on-premises and cloud-delivered management solutions. Security features including BitLocker, Exploit Guard, AppLocker, Defender ATP and more will be demonstrated. Real-world scenarios will also be shared where implementing these technologies can prevent your enterprise from becoming the victim of a security-based attack.
In this session we go through how to perform risk analysis in a so-called impact assessment, a requirement introduced with GDPR for all processing that poses a high risk to the rights and freedoms of the data subject. We present a suitable model for assessing the severity of a personal data breach in order to determine whether it must be reported to the data subjects, and what actually constitutes a personal data breach. To then protect data properly, it needs to be classified so that it can be protected in the right way; the session goes through how unstructured data can be classified and protected.
A vulnerable web application could result in major reputational and financial losses, and it is often the entry point that hackers use to compromise entire organizations. This demo-oriented talk will cover advanced topics such as exploitation of second-order flaws and insecure deserialization exploitation. The talk also features vulnerability identification methodology with a discussion of how to best combine manual and automated tests.
During software development you are often faced with different architectural choices. These choices can affect the security of your application in different ways. Join us in a journey along different scenarios and security considerations.
One of the major challenges for the penetration tester is to understand the systems being tested. One of the major challenges for the customer is to get real value for money. We provide this value by working continuously with our customers over longer periods of time. We deliver results directly into our customers’ existing workflows, only writing reports when explicitly requested to do so. In this session I will describe how this has been implemented at one of our customers.
A stolen computer, a phished account, a weak password, a badly configured service, a vulnerable application or an unattended computer at the reception desk. Just a few examples of the many possibilities to get access to an internal network. What happens when the attackers are in the network? What tools do they use? What are they after? How visible are they? In this session we will show the attack methodology, lateral movement techniques and tools for internal network dominance. We will also look at ways we can make the attackers’ life more difficult and force them to be noisy.
With both cyber crime and real-world crime the main objective is generally to steal assets. But while most crimes performed in the real world will be detected and investigated, the same does not hold true in the cyberworld without proper preparations. Recent studies of the cybercrime economy have estimated a world-wide annual revenue of $1.5 trillion during 2018. How much did they steal from your organization? Do you have the tools to know?
Most enterprises worldwide are at great risk due to a lack of identity-based segmentation and problematic exposure of high and important privileges. Using real-life examples, we show how and what to consider when building an identity segmentation model and how that will put effective measures in place against lateral movement in cyber attacks. We will demonstrate different cases and scenarios based on real-life challenges we encounter when designing and building Privileged Access Workstations (PAWs), as well as how to build a working tier model and harden your domain to protect your identities and infrastructure.