19 - 20 SEPTEMBER 2018 / Stockholmsmässan

Cyber Threat Protection Theatre

Thu 21st Sep 14:50 to 15:20

From APK to Golden Ticket: How we Became Domain Admins through a Secretary’s Phone

In this session, Giuseppe Trotta will show how he got full access to a company's corporate network by breaking into an Android device… belonging to the receptionist. Using freely available information about the receptionist, he succeeded in luring her into downloading an APK file with a reverse shell. With full access to the phone, he connected to the company's guest Wi-Fi and exploited unsafe configurations on the network to gain full access to the internal corporate network, including persistent access through domain admin credentials.

What you will take away from this session

  • (Un)secure network configuration – and how wrong it can go
  • The dangers of employees using their private devices at the office
  • Bad system management – compromising one server to rule them all
  • Using native Windows tools to become "invisible"

Speakers

Giuseppe Trotta