Beer-Talk #17 in Bern: Lazy ways to own networks

Not every attack technique has to be fancy. Often simple methods are successful too. We will show you some of them at our next Beer-Talk in Bern, on September 20, 2018.


This Beer-Talk is divided into a technical presentation (in English) of about 45 minutes followed by discussions over a light meal. Participation is free, but registration is required.



Compass Security performs many internal network security tests, so-called "penetration tests". Most of the time, when working on a company's internal network, we don't need any fancy attack technique or custom exploit. There are much easier methods to get an initial foothold in the network and escalate privileges in Active Directory.

This Beer-Talk is a tale of lame ways to let your network be compromised. Anonymized examples and anecdotes from real engagements will be discussed. Some technical details as well as applicable remediations will be provided.

The easiest methods are often sufficient to compromise even big corporations. Don't let yours be one of them!



Nicolas Heiniger is a happy husband and father of 3 kids. After some years in public health and at an IT service provider, he's now working at Compass Security where he is most interested in web applications and penetration testing. At night, he hacks for fun and bounty.



Thursday, September 20, 2018, start at 18.00

Atelier Bollwerkstadt, Bollwerk 35, 3011 Bern



Come meet us, enjoy the talk and the free beer and snack.

Please register with your first name, surname and enterprise name with the subject "Bern" at

Registrations accepted until Tuesday, September 18, 2018, 12.00


