CRESTCon & IISP Congress

Wednesday, April 19, 2017 in 26 days London, UK

We are proud to announce that Chris Day and Stuart Morgan will be presenting at CRESTCon & IISP Congress this year.

Event Description

CRESTCon & IISP Congress is a unique event that brings together leading technical and business information security professionals. Now in its fifth year, the event has become a key date in the industry calendar, attracting an impressive line-up of speakers and over 400 senior delegates. This year the length of the day will be extended to incorporate further networking and entertainment. Delegates will include senior security, risk and compliance managers from a wide range of public and private sector organizations, along with security consultants and business directors working in the technical information assurance and response industry.

Talks presented by MWR

  • Time: 10:20 
  • Room: Lecture Room 1
  • Topic: Project Vision, Making Passive System Mapping Great Again
  • Speakers: Chris Day
  • Description:

    Knowing what you have can be a challenging problem. System diagrams can be outdated or non-existent, the person who knew the system has left or that latest acquisition means you now have another companies worth of assets to account for.

    Traditional active mapping techniques, while accurate, can be invasive, resource intensive to produce and typically rely on a single technique to produce enumeration results. For overloaded or fragile systems, such as SCADA / ICS environments, active techniques can introduce stability issues and the risk of downtime.

    Passive mapping techniques offer solutions to some of these issues but individual passive methods can be inaccurate or lacking information. It is true of both active and passive techniques that the tools available so far typically operate in the network domain and do not capture non-Ethernet communications.

    Project Vision is designed to overcome these issues by offering an adaptive system enumeration option capable of mapping network and non-network based systems. This presentation will share our experiences conducting system mapping and our methodology for fusing together active and passive data sources, including some novel sources of system information. This talk is intended to discuss the technical issues of system mapping, the benefits of a blended approach to system enumeration data and introduce MWR’s Vision enumeration tool with demonstrations of Vision’s capabilities.

 

  • Time: 15:40
  • Room: Lecture Room 1
  • Topic: Outlook Rulez and E-Mail Rocks!
  • Speakers: Stuart Morgan
  • Description: Every organization relies on e-mail as a primary business enabler. However, it can also be a vector for external compromise, support lateral movement, be leveraged as a stealthy back door and provide remote control of your computer to adversaries. This talk will show you how your e-mail system can be used and abused by targeted attackers.

 

 

Registration

You can register for tickets here.

Get tickets

Accreditations

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 14001 in the UK, an internationally accepted standard that outlines how to put an effective environmental management system in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR are approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
As a Certified Simulated Attack Manager and Certified Simulated Attack Specialist, MWR are authorized by CREST to perform STAR penetration testing services.