MRMCD 2024

MRMCD 2024

Your locale preferences have been saved. We like to think that we have excellent support for English in pretalx, but if you encounter issues or errors, please contact us!

Sergej Schmidt

Sergej Schmidt is a senior security consultant at WALLSEC GmbH. He conducts pentests and is regularly involved in detection engineering and SOC automation projects. His non-linear path started more than a dozen years ago at a small consultancy company, then going back to university, only to find himself in large enterprises at the end. While doing his Masters he spent two years with research on automated binary reversing. Most of his career his areas were pentesting of network infrastructures, build systems, web and mobile applications.
Before his current job, he spent multiple years at the defenders' side as an incident responder with a focus on Linux security monitoring and detection engineering.


Sessions

03.10
21:00
119min
Hacker Jeopardy
Sergej Schmidt, Ferdi

Dauer der Fahrt ist 120-150min.

Eine beliebtes Unterhaltungsprogramm auf allen Weltmeeren. Hackerjeopardy ist ein bisschen wie Schiffe versenken. Aber halt ein bisschen anders... der Spaß für die ganze Familie, von klein bis groß, von nüchtern bis für eine Konferenz in akzeptablem Maße angetrunken. Dieses Mal findet das Hacker Jeopardy seinen Platz auf dem MRMCD.

Dauer 120-150min

C205 - Ocean Starr
06.10
13:00
50min
Network File System Security
Sergej Schmidt

The Network File System was developed by Sun and its protocol version 2 was published to the public in 1989. The assumptions about networks date back to the same era. Still, it is widely used in corporate networks or universities. It is a scalable way to implement network shares, especially in Unix/Linux environments it is often used to mount home directories across large IT landscapes. While there are ways to implement encryption and access controls in a (more) secure manner with Kerberos, many enterprises do not. Furthermore, most operators do not understand the security model of the NFS protocol. In this talk we will talk about the security misconceptions of NFS and how to exploit them.

C205 - Ocean Starr