Review: Our first meetup with Cybersecurity Region Stuttgart
1006769
wp-singular,post-template-default,single,single-post,postid-1006769,single-format-standard,wp-theme-bridge,wp-child-theme-bridge-child,bridge-core-3.3.4.6,metaslider-plugin,,qode-title-hidden,qode-child-theme-ver-1.0.0,qode-theme-ver-30.8.8.6,qode-theme-bridge,disabled_footer_top,qode_header_in_grid,qode-wpml-enabled,wpb-js-composer js-comp-ver-8.7.2,vc_responsive
Blog Headerbilder meetup

30 Sep Review: Our first meetup with Cybersecurity Region Stuttgart

Posted at 17:37h in Further Topics by

Wow, that was really cool! 🎉

In mid-September, we had the opportunity to host a meetup at TEAL for the very first time, together with the Cybersecurity Region Stuttgart Meetup (CSRSM). It was a real highlight for us: a full house, exciting discussions, and a great atmosphere.

The announcement said: “Secure your spot, get inspired, and expand your network in the cybersecurity community.” And that’s exactly how it was. Thank you to everyone who attended and helped make the evening a success!

Two keynote speeches that built on each other

Fabian 1

Fabian Böhm, co-founder and security architect at TEAL, kicked things off.

Topic: “Cyber hygiene – the underestimated security measure.” Fabian showed how companies can greatly improve their security situation with relatively simple but often neglected basics, from clean password concepts and tiering to consistent attack path management. His appeal to not only fix pentest findings in the short term, but to learn from them systematically, was particularly valuable.

His conclusion: Cyber hygiene sounds trivial, but it is the foundation on which everything else is built. Those who work cleanly here greatly reduce the risk of successful attacks.

Nina

Nina Wagner, co-founder and managing director of MindBytes GmbH, followed seamlessly with her presentation “Pentesting vs. Red Teaming: Targeted Detection of Vulnerabilities – Insights from Practice.”

She gave a vivid account of her work, explained the differences between the two approaches, and showed why red teaming is even closer to the reality of attack scenarios. Her practical examples were particularly exciting: how surprisingly quickly an internal pentest team can gain domain admin rights.

Security is not just about technology, but also about keeping an eye on people, processes, and structures. Thank you very much, Nina, for being there!

Three quick questions for Nina Wagner

We were particularly pleased that Nina answered three quick questions for our blog beforehand, and we don’t want to keep them from you:

1. Where does the greatest practical added value lie for companies in commissioning red teaming instead of a classic pentest?
“In red teaming, the incident response capabilities and processes (attack detection and defense) of the customer’s blue team/SOC team are put to the test. In contrast to a classic pentest, only a few people on the customer side are privy to red teaming. In addition to technical methods, social engineering techniques such as phishing and tailgating are typically used and combined. Overall, the focus is on the entire company – not just technology, but also people, buildings, and processes.”

2. Have there been any results in projects that have particularly surprised customers?
“Definitely. Once, during a pentest, I discovered a vulnerability on the internet that was essentially due to a ‘misunderstanding’ between several systems: it allowed me to access the VPN without any login credentials. That was actually a big surprise.

Especially in pentests of internal infrastructures with Active Directory, there are often surprises in how quickly we can obtain domain admin permissions in a pentest – and thus gain complete control over the AD.”

3. What best practices do you recommend companies follow to make lasting improvements after a pentest?
“For the vulnerabilities uncovered in a pentest, measures should be derived that will prevent this type of vulnerability from occurring in the future. The focus should not be on “putting out fires” for individual vulnerabilities, but on deriving and establishing preventive measures. In addition, it is often advisable to conduct a retest to verify whether the specific vulnerabilities identified in a pentest have been effectively remedied.”

Networking & good conversations

After the presentations, the event continued in a relaxed atmosphere with snacks and drinks. That’s what meetups are all about: networking, exchanging experiences, and enjoying the evening together. We got the impression that many new connections were made, and that’s what matters in the end.

Thank you, and see you next time!

Our conclusion: For us at TEAL, it was an all-around successful debut as hosts. Many thanks to the team at Cybersecurity Region Stuttgart Meetup for their cooperation and, of course, to all the participants who made the evening so lively. 🙌

We are already looking forward to the next opportunities to bring the Stuttgart cybersecurity community together.

<< Back

LATEST POSTS