Beer-Talk #17 in Bern: Lazy ways to own networks

Not every attack technique has to be fancy. Often simple methods are successful too. We will show you some of them at our next Beer-Talk in Bern, on September 20, 2018.


This Beer-Talk is divided in a technical presentation (in english) of about 45 minutes followed by discussions over a light meal. The participation is free but a registration is required.



Compass Security performs many internal network security tests, so called "penetration tests". Most of the time, when working on a company internal network, we don't need any fancy attack technique or custom exploit. There exist much easier methods to get an initial foothold in the network and escalate your privileges in the Active Directory.

This Beer-Talk is a tale of lame ways to let your network be compromised. Anonymized examples and anecdotes from real engagements will be discussed. Some technical details as well as applicable remediations will be provided.

The easiest methods are often sufficient to compromise even big corporations, don't let yours be one of them!



Nicolas Heiniger is a happy husband and father of 3 kids. After some years in public health and at an IT service provider, he's now working at Compass Security where he is most interested in web applications and penetration testing. At night, he hacks for fun and bounty.



Thursday, September 20, 2018, start at 18.00

Atelier Bollwerkstadt, Bollwerk 35, 3011 Bern



Come meet us, enjoy the talk and the free beer and snack.

Please register with your first name, surname and enterprise name with the subject "Bern" at

Registrations accepted until Tuesday, September 18, 2018, 12.00



Image reference:


it-sa 2018 - ein Blick zurück

Auch in diesem Jahr war die Teilnahme an der it-sa für Compass Security in jeder Hinsicht ein voller Erfolg. Weiterlesen

Cross-Site Scripting Schwachstelle in Abacus

Stephan Sekula hat eine Reflected Cross-Site Scripting Schwachstelle in Abacus identifiziert. Weiterlesen

Schwachstelle in VMware AirWatch iOS Applikationen

Stephan Sekula hat eine Schwachstelle in den VMware AirWatch iOS Applikationen identifiziert. Weiterlesen


Compass Security Blog

Hidden Inbox Rules in Microsoft Exchange

Contents Introduction Attack Overview Step-by-Step Detection Email Clients Administration Tools Exchange Compliance Features MAPI Editor Eradication Microsoft Security Response Center Swiss Cyber... mehr

Area41 2018 Wrap Up

Introduction Last Friday and Saturday (15./16. June 2018), the 6th edition of the security conference Area41 (formerly Hashdays, organized by DEFCON Switzerland... mehr