44CON

Wednesday, September 13, 2017 in 26 days London, UK

We are delighted to announce that we are running two presentations and a workshop at this year's 44CON.

Calendar

Event Description 

44CON are Information Security Conference & Training event taking place in London. Designed to provide something for the business and technical Information Security professional.

Talks presented by MWR

  • Date: TBC
  • Time: TBC
  • Room: TBC
  • Topic: Biting the Apple that feeds you – macOS Kernel Fuzzing
  • Speakers: Alex Plaskett and James Loureiro
  • Description: 

This talk details the use of MWR’s platform agnostic kernel fuzzing techniques to automatically identify critical flaws within Apple macOS.

This talk will focus on how the researchers approached developing fuzzing automation to test the core subsystems of the XNU kernel and the insights gained, and also highlight architectural differences between other supported platforms which had to be addressed during this work.

The old adage of ‘different fuzzers find different bugs’ will also be explored, as we looked into the effectiveness of using targeted fuzzing for specific components considered most likely to yield vulnerabilities.  

An in-memory fuzzer based on a combination of static and dynamic analysis was also constructed to target these components with the aim to achieve greater code coverage, efficiency and to allow attacks on other privileged components within macOS via IPC.

Finally we will discuss the issues discovered by the fuzzers and highlight future improvements which could be made to the tooling going forward to increase coverage and effectiveness.

Various tools used during the research will be released after the talk.

  • Date: TBC
  • Time: TBC
  • Room: TBC
  • Topic: Persisting with Microsoft Office: Abusing Extensibility Options
  • Speakers: William Knowles
  • Description: 

    One software product that red teamers will almost certainly find on any compromised workstation is Microsoft Office. This talk will discuss the ways that native functionality within Office can be abused to obtain persistence.

    A wide range of techniques for abusing various add-in mechanisms will be covered. Each persistence mechanism will be discussed in terms of its relative advantages and disadvantages for red teamers. In particular, with regards to their complexity to deploy, privilege requirements, and applicability to Virtual Desktop Infrastructure (VDI) environments which hinder the use of many traditional persistence mechanisms.

    The talk will finish with approaches to detection and prevention of these persistence mechanisms.

Workshop presented by MWR

  • Date: TBC

  • Time: TBC
  • Room: TBC
  • Topic: UAC 0day, all day!
  • Speakers: Ruben Boonen
  • Description: This workshop is available to attendees of all levels, however, a basic familiarity with Process Monitor and the Windows API are recommended. The workshop will provide the required knowledge to find, analyze and exploit process workflows which allow an attacker to elevate their privileges from Medium to High integrity. The workshop is divided into the following sections.
  • Auto-Elevation:

    • Identifying auto-elevating processes
    • Analyzing process workflows
    • Finding UAC bypass targets

    Elevated File Operations:

    • Using the IFileOperation COM object
    • Tricking the Process Status API (PSAPI)

    Getting UAC 0day (Pre RS2):

    Looking forward:

    • Triaging Windows 10 Redstone 2
    • Leaving IFileOperation behind
    • COM objects & Fileless elevation​

    The workshop has intense hands-on labs where attendees will put the theory into practice. After attending you will immediately be able to apply this knowledge in the field. The next time someone tells you the default UAC settings are sufficient you will be able to set them straight!

 

 

 

Registration

You can register for tickets here.

Get tickets

Accreditations

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 14001 in the UK, an internationally accepted standard that outlines how to put an effective environmental management system in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.