Beer-Talk #1 in Vaduz: Lazy ways to own networks

Not every attack technique has to be fancy. Often simple methods are successful too. We will show you some of them at our frist Beer-Talk in Vaduz, on September 27, 2018.

This Beer-Talk is divided in a technical presentation (in english) of about 45 minutes followed by discussions over a light meal. The participation is free but a registration is required.



Compass Security performs many internal network security tests, so called "penetration tests". Most of the time, when working on a company internal network, we don't need any fancy attack technique or custom exploit. There exist much easier methods to get an initial foothold in the network and escalate your privileges in the Active Directory.

This Beer-Talk is a tale of lame ways to let your network be compromised. Anonymized examples and anecdotes from real engagements will be discussed. Some technical details as well as applicable remediations will be provided.

The easiest methods are often sufficient to compromise even big corporations, don't let yours be one of them!



Nicolas Heiniger is a happy husband and father of 3 kids. After some years in public health and at an IT service provider, he's now working at Compass Security where he is most interested in web applications and penetration testing. At night, he hacks for fun and bounty.



Thursday, September 27, 2018, start at 18.00



Come meet us, enjoy the talk and the free beer and snack.

Please register with your first name, surname and enterprise name with the subject "Vaduz" at

Registrations accepted until Tuesday, September 25, 2018, 12.00



Image reference:


Schnelle und kompetente Unterstützung bei Cyber Vorfällen

Die Redaktion der UnternehmerZeitung hat das Thema Cyber Security erneut aufgegriffen und beleuchtet in einem Interview, wie sich die Zusammenarbeit... Weiterlesen

Schwachstelle im HADatAc Framework

Lukasz D. hat eine Schwachstelle im Human-Aware Data Acquisition (HADatAc) Framework identifiziert welche die Ausführung von beliebigem Code... Weiterlesen

HSR Chancen und Risiken der Digitalisierung – der Arbeitsmarkt in der ICT Branche

In der Fortbildungsveranstaltung BSLB / RAV / IV der HSR Hochschule für Technik wird das Thema „Chancen und Risiken der Digitalisierung und der... Weiterlesen


Compass Security Blog

Substitutable Message Service

Have you ever said something and later regretted it? Or written an email to someone and then wished it had not happened? Or sent an SMS message but afterward desired to change its content? Well,... mehr

Hidden Inbox Rules in Microsoft Exchange

Contents Introduction Attack Overview Step-by-Step Detection Email Clients Administration Tools Exchange Compliance Features MAPI Editor Eradication Microsoft Security Response Center Swiss Cyber... mehr