Imago Techmedia Ltd is registered in England and Wales under Company No. 04865455. VAT No. GB 843 8456 01
Registered Office: Bedford House, Fulham Green, 69-79 Fulham High Street, London, SW6 3JW, United Kingdom
Business Address: Imago Techmedia, 2C Bedford House, Fulham Green, 69-79 Fulham High Street, London, SW6 3JW, United Kingdom
Imago Techmedia Sweden, Nod, Borgarfjordsgatan 12, Kista, Stockholm, Sweden
Imago Techmedia is a subsidiary of Clarion Events Limited
Cyber Threat Protection Theatre
Thu 21th Sep 14:50 to 15:20
From APK to Golden Ticket: How we Became Domain Admins through a Secretary’s Phone
In this session, Giuseppe Trotta will show how he got full access to a company’s corporate network by breaking in to an Android device…belonging to the receptionist. Using freely available information about the receptionist, he succeeded in luring her in to downloading an APK file with a reverse shell. With full access to the phone, he connected to the guest Wi-Fi of the company, and exploited unsafe configurations on the network to gain full access to the internal corporate network, including persistent access through domain admin credentials.
What you will take away from this session
- (Un)secure network configuration – and how wrong it can go
- The dangers of employees using their private devices at the office
- Bad system management – compromising one server to rule them all
- Using native Windows tools to become "invisible"
|Giuseppe Trotta||View Profile|