Sergej Schmidt
Sergej Schmidt is a senior security consultant at WALLSEC GmbH. He conducts pentests and is regularly involved in detection engineering and SOC automation projects. His non-linear path started more than a dozen years ago at a small consultancy company, then going back to university, only to find himself in large enterprises at the end. While doing his Masters he spent two years with research on automated binary reversing. Most of his career his areas were pentesting of network infrastructures, build systems, web and mobile applications.
Before his current job, he spent multiple years at the defenders' side as an incident responder with a focus on Linux security monitoring and detection engineering.
Sessions
Dauer der Fahrt ist 120-150min.
Eine beliebtes Unterhaltungsprogramm auf allen Weltmeeren. Hackerjeopardy ist ein bisschen wie Schiffe versenken. Aber halt ein bisschen anders... der Spaß für die ganze Familie, von klein bis groß, von nüchtern bis für eine Konferenz in akzeptablem Maße angetrunken. Dieses Mal findet das Hacker Jeopardy seinen Platz auf dem MRMCD.
Dauer 120-150min
The Network File System was developed by Sun and its protocol version 2 was published to the public in 1989. The assumptions about networks date back to the same era. Still, it is widely used in corporate networks or universities. It is a scalable way to implement network shares, especially in Unix/Linux environments it is often used to mount home directories across large IT landscapes. While there are ways to implement encryption and access controls in a (more) secure manner with Kerberos, many enterprises do not. Furthermore, most operators do not understand the security model of the NFS protocol. In this talk we will talk about the security misconceptions of NFS and how to exploit them.