Beer-Talk #1 in Vaduz: Lazy ways to own networks

Not every attack technique has to be fancy. Often simple methods are successful too. We will show you some of them at our frist Beer-Talk in Vaduz, on September 27, 2018.

This Beer-Talk is divided in a technical presentation (in english) of about 45 minutes followed by discussions over a light meal. The participation is free but a registration is required.



Compass Security performs many internal network security tests, so called "penetration tests". Most of the time, when working on a company internal network, we don't need any fancy attack technique or custom exploit. There exist much easier methods to get an initial foothold in the network and escalate your privileges in the Active Directory.

This Beer-Talk is a tale of lame ways to let your network be compromised. Anonymized examples and anecdotes from real engagements will be discussed. Some technical details as well as applicable remediations will be provided.

The easiest methods are often sufficient to compromise even big corporations, don't let yours be one of them!



Nicolas Heiniger is a happy husband and father of 3 kids. After some years in public health and at an IT service provider, he's now working at Compass Security where he is most interested in web applications and penetration testing. At night, he hacks for fun and bounty.



Thursday, September 27, 2018, start at 18.00



Come meet us, enjoy the talk and the free beer and snack.

Please register with your first name, surname and enterprise name with the subject "Vaduz" at

Registrations accepted until Tuesday, September 25, 2018, 12.00



Image reference:


Was ist Pentesting?

Die Post hat ihr e-Voting-System für einen öffentlichen Hacker-Test zur Verfügung gestellt. Dieses Vorgehen löste zahlreichen Diskussionen aus. Radio... Weiterlesen

Schwachstellen in Voyager

Fabio Poloni hat mehrere Schwachstellen in Voyager (Laravel Admin Package) identifiziert. Weiterlesen

Firmen hacken sich selbst

Die «Handelszeitung» widmet in ihrer letzten Ausgabe der "Digitalen Innovation" einen Extrabund. Darin sind auch Cyberrisiken und Penetrations Test... Weiterlesen


Compass Security Blog

XSS worm – A creative use of web application vulnerability

In my free time, I like to do some bug bounty hunting. For some reasons, I’ve been doing this almost exclusively for Swisscom. One of the reason is that the scope is very broad and I like to have this... mehr

Substitutable Message Service

Have you ever said something and later regretted it? Or written an email to someone and then wished it had not happened? Or sent an SMS message but afterward desired to change its content? Well,... mehr