Security
A series of unfortunate security flaws led to domain compromise
Frank Karlstrøm
Become a more security-focused developer who aims to produce code that is as secure as possible by looking at your code from an attacker's perspective.
Fortunately, this was discovered by pentesters before actual hackers. In this talk you will get a walkthrough of the part of the attack chain used to go from an unauthenticated remote attacker all the way to owning the entire company's domain with all the servers.
The focus will be on the initial compromise, which used a series of flaws to gain access to the main database server, explaining how an attacker thinks and what they actually do and, on the other side, what a developer should think and do.
The session will be a live attack demonstration using a small subset of the tools an attacker would use, targeting an application similar to the actual customer's, with similar flaws.
With over 20 years of development experience and a robust background in cybersecurity, I am an OSWE, OSCP and ISO 27001 Lead Implementer specializing in penetration testing. My expertise extends to auditing, advising, and implementing Secure Software Development Lifecycle frameworks, ensuring robust security measures are integrated into software development processes.