BSIDES London 2015

Wednesday, June 3, 2015 4 years ago ,

MWR is pleased to be the Platinum Sponsors of BSIDES 2015, where we will be presenting and hosting the MWR after party this year!

As a company we invest heavily in knowledge sharing and believe that events such as BSIDES London are invaluable to the community, providing a platform for discussion on the latest thinking and research in the InfoSec arena.

MWR is pleased to be the Platinum Sponsors of BSIDES 2015, we will be presenting and hosting the MWR after party this year!

Talks presented by MWR

Topic: Why Bother Assessing Popular Software?
Speaker: James Loureiro & David Middlehurst

Many popular software packages have gone through many iterations of white and black box testing raising the bar for attackers. Over time the security controls become more effective, however these software packages have large evolving attack surfaces.

In this talk we discuss a case study which includes how we approached assessing Adobe Reader, how we made progress and why it is worth investing the time and effort on targets such as this. We discuss fuzzing, the sandbox and delve into the Javascript API. A refreshing look into how we can make a difference by looking at complex targets.

MWR’s Mike Auty and Matt Hillman has created a challenge this year, have a go at solving the challenge to win a prize!

Challenge Overview:

A piece of malware was recently discovered on a challenge writer’s laptop! Realising that the damage was already done, they swiftly disconnected the laptop from the internet and proceeded to take a memory image of the machine, and turn it into a challenge! Your goal is to analyse the memory image to identify the malware, and then isolate it so that you can analyse it in IDA Freeware and using all the information available to you, discover the URL the malware uses to inform its dark overlords of its existence. Good Luck!

There will also be challenges on the day developed by MWR’s Andy Mabbitt.

Challenge Overview:

Due to popular demand, the MWR beer fridge is back this year! All you need to do is bring your laptop, connect it to our server and solve the challenge. The challenge will involve solving a series of web applications to gain control to a SCADA based scenario and ultimately obtaining the code to unlock the fridge and release the beer.

BSIDES London 2015 website



Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.