MCTTP – Munich Cyber Tactics Techniques and Procedures

Benedikt Strobl, Tech Lead at NSIDE ATTACK LOGIC

Tobias Wicke, Senior Red Teamer @ NSIDE ATTACK LOGIC

Benedikt Strobl is Tech Lead and Red Teamer at NSIDE ATTACK LOGIC GmbH, an offensive IT security company based in Munich. With 10 years of experience in red team engagements, Benedikt has primarily focused on the security of internal networks, Windows environments, Active Directory, and Microsoft cloud services. This expertise is reflected in his certifications (OSCP, CRTE, CARTE, AZ-500).

Tobias Wicke is a senior Red Teamer at NSIDE ATTACK LOGIC GmbH. He focuses on Malware Development, EDR Evasion, Active Directory and lately cloud topics (AWS, Azure/Entra and Kubernetes).

In his five years of full time experience, he had the chance lead a platitude of Red Teams in different sectors like Finance, Telecommunications or Critical Infratsructure.

talks & Q&A

Bridging Worlds, Expanding Risk: Security Insights into Azure Arc

Description:

Azure Arc is rapidly redefining how organizations extend cloud control planes into on-premises and hybrid environments. While this unlocks powerful management capabilities, it also introduces new and often overlooked attack surfaces that blur traditional security boundaries.

This talk examines Azure Arc from an offensive security perspective, highlighting novel attack paths that emerge from its close interweaving of Windows, Active Directory, and cloud identity systems. We will explore how trust relationships, control plane interactions, and misaligned security concepts can be abused to achieve lateral movement, privilege escalation, and persistence across hybrid environments.

Beyond offensive techniques, the session will address the challenges defenders face when monitoring and securing Azure Arc deployments. We will discuss visibility gaps, detection limitations, and common pitfalls in current defensive strategies.

Attendees will gain a clear, high-level understanding of the security implications Azure Arc introduces to enterprise environments, along with actionable insights to adapt security architectures, detection strategies, and risk management approaches accordingly.