Back to top

Important Notice: Workshops are limited to 25 participants, first come first served at the registration desk on the 29th, 15 minutes before each workshop. Check the requirements so you're prepared.


Offline Attacks on Active Directory (29th November @ 10:30)

Get hands-on experience with extracting and auditing passwords from Active Directory (AD) databases and with offline modification of security information in AD.

Limiting access to domain controller hard drives has always been an important aspect of keeping Active Directory secure. However, this task has become more complex in today’s era of virtualization and cloud computing.

Come and discover the endless possibilities that would open to malicious attackers and insiders by gaining read/write access to either a physical or virtual hard drive of a DC containing its ntds.dit database file. We will perform Active Directory password auditing against HaveIBeenPwned, offline password resets, group membership changes and SID history injection and extract DPAPI backup keys, roamed private keys and KDS root keys.

Workshop Requirements

Attendees need to bring their own notebooks with Windows 7 or newer operating system installed either on the physical computer itself or in a virtual machine. Detailed software requirements and lab materials are available at!Ah1NVj_AudV4ifp0zX9ThHj5i5inBg?e=gEFEgZ

How to fit threat modelling into continuous security (29th November @ 13:30)

The earlier in the lifecycle you pay attention to security, the better are the outcomes. Threat modelling is one of the best techniques for improving the security of your software. It is a structured method for identifying weaknesses on design level.
However, people who want to introduce it into their work on existing codebase often face time pressure and very rarely can a company afford “security push”, where all new development stops for a while in order to focus on security. **Incremental threat modelling that concentrates on current additions and modifications can be time-boxed to fit the tightest of agile life-cycles and still deliver security benefits.** Full disclosure is necessary at this point – threat modelling is not the same as adding tests to the ball of mud codebase and eventually getting decent test coverage. You will not be able to get away with doing just incremental modelling, without tackling the whole picture at some point. But the good news are you will approach this point with more mature skills from getting the practice, and you will get a better overall model with less time spent than if you tried to build it upfront.

We will cover the technique of incremental threat modelling, and then the workshop will split into several teams, each one modelling an addition of a new feature to a realistic architecture.

The participants will learn how to find the threats relevant to the feature while keeping the activity focused (i.e. not trying to boil an ocean). This session targets mainly blue teamers, as well as software developers, qa engineers, and architects; but will be also beneficial for scrum masters and product owners.