The MWR Briefing: London

Thursday, October 18, 2018 11 months ago 09:00 - 17:30 London

So far 2018 has seen fewer ransomware attacks and government leaks in the headlines compared to the first half of 2017 – but cyber attackers haven’t abated, they’ve simply evolved.

The corporate world remains subject to an increasing number of threat actors with continuously changing techniques. Security is the top priority for organisations facing the most highly targeted attacks from top-tier threats, such as nation-states and cyber-criminal organisations.

MWR’s October Briefing will focus on the interlinking nature of offensive and defensive security, how advances in defensive security drives adaptation and reinforces offensive security, and vice versa.

By invitation only – please contact with any questions.


Register your interest

This MWR Briefing has passed, but you can sign up to be notified of future events, or register for another of our upcoming events by visiting our MWR Briefings page.

Attendees will gain insight into the latest developments and attacker techniques, and also have the opportunity to network with peers and MWR’s experts. 

For the first time at a UK Briefing, attendees will have the opportunity to to use and experience Playground, MWR’s internal training environment.


  • The continuous assurance mind-set

    John Fitzpatrick

    Our UK MD John Fitzpatrick will open the day with insights from different approaches to security across industries and maturity levels. What security measures are the most forward-thinking organizations taking now, which will likely become trends in the future? How can you rebalance your security investment to focus on the things that matter? We'll share creative and innovative approaches we've seen working well in organizations. Where approaches have not worked as planned, we'll share our guidance for looking at security differently to reach a state of continuous assurance.

  • Findings from the malware labs

    Karmina Aquino

    Karmina from F-Secure Labs will introduce some of the additional insight MWR has gained from joining the F-Secure family. We’ll share a general overview of the prevalent malware threats affecting most users. We'll delve into the most common sources of infection, and we'll also share the emerging trends of the threat landscape.

  • Benchmark your pipeline security

    Alexandre Kaskasoli

    Software provides the digital platforms to run companies and the channels to reach customers – but security is essential to make it work. Late-stage testing causes delays and increasing costs, driving the shift to integrated security as part of development. However, the multitude of tools and lack of standards is often a source of confusion for companies seeking to hop on the DevSecOps wagon. We’ll share successful pipeline strategies we’ve seen designed to catch preventable issues before they reach production whilst enabling rapid deployments - including policies around Dockerfiles, dependency vulnerabilities, automated tests and deployments.

  • Planting the Red Forest for Active Directory

    Katie Knowles

    Active Directory (AD) is at the heart of (nearly) every enterprise attack. To combat this, Microsoft has released the ambitious Enhanced Security Administrative Environment (ESAE) or "Red Forest" AD system architecture. Upgrading to ESAE is worth the effort – it can eliminate the majority of common AD attack strategies... but what's the best approach to take? We’ll review the strategy and benefits behind implementing an ESAE environment in five manageable stages. We'll tackle a clear explanation of LAPS, PAW, PAM, and JEA/JIT on the road to ESAE, and how to avoid common pitfalls on the way.

  • Putting your data to (better) use

    Andrew Waugh

    Some of the most effective preventive controls are also the hardest to implement without causing excessive user impact. For example, application whitelisting is consistently classed as the most effective preventive control, but can be almost impossible to implement in an enterprise environment. However, as detection capabilities mature, we have more visibility of corporate estates than ever before. This talk proposes a new approach to identifying and mitigating risks whilst minimising limits on user behaviour, using data typically used to aid detection.

  • Red-team vs EDR control

    Jon Cave and Will Burgess

    An active endpoint detection and response (EDR) control on your estate will minimize your exposure to cyberattacks. But what happens when the top-tier of attackers find ways to get around those controls? Recent advances in EDR agents are forcing attackers (and MWR's red team) to adapt their tooling in order to remain undetected. We will share how MWR's red teamers are approaching these developments. This will include exploring methods of sidestepping memory analysis techniques and reducing execution of suspicious commands.

  • C2: the art of blending in

    Dave Hartley and William Knowles

    Recent advances in defensive tooling and SOC capability mean that malware using traditional Command and Control (C2) channels is now detected increasingly quickly. This talk will examine the changing landscape for attackers looking to use these channels, and for defenders looking to prevent them. For example, what are the trends in defensive tooling for the prevention and detection of C2 channels? What type of activity is being currently being detected? Finally, we'll share some of the technologies MWR has developed to evade C2 detection controls as part of our attack simulations.


What is the MWR Briefing?

MWR Briefings challenge perceptions and offer insights into the fast-paced arena of information security.


+ learn more

Home featured
Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.