Null Singapore

Wednesday, April 27, 2016 13 months ago Singapore, Singapore

MWR is pleased to announce that Benjamin Harris will be presenting at Null Singapore on the vulnerabilities found in Trend Micro.

Event Description

Null meets are free for anyone to attend. Just come with an open mind and a willingness to share and learn.

Talk presented by MWR

  • Time: 18:45:00
  • Room: KPMG Clubhouse
  • Topic: Trend Micro - All Seeing Eye
  • Speakers: Benjamin Harris
  • Description: As we move into an increasingly security-conscious world, organizations are purchasing solutions and tools to simplify and automate parts of their day to day activities, in the form of security software. This software comes in many guises, such as anti-virus, endpoint security, SIEMs and firewalls. This software is regularly assumed to be robust and secure, given its purpose, and is thus overlooked when implementing in an enterprise environment from a security review perspective.

    During a recent red team engagement with a global client, it was observed that a host intrusion detection solution had been deployed across the entire estate to monitor for signs of compromise. The assessment team theorized that a vulnerability in this software could allow an attacker to compromise the entire network rapidly, or gain access to a significant amount of sensitive information which could be manipulated to hide signs of a compromise within a centralized management interface. Following this thought process, an industry recognized piece of software was chosen to be the subject of a piece of research and work was begun on the 6 hour flight back to Singapore. By the end of this flight, remote command execution as NT AUTHORITY/SYSTEM had been obtained in the management interface, allowing the focus to move to the endpoint client.

    In this talk we will discuss the vulnerabilities identified in the management interface alone, and how they were identified. We will discuss what should be done when choosing a security solution, and what considerations should be made to ensure that you are not significantly increasing the risk to your organization.

 

 

Registration

You can register for tickets here.

Accreditations

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 14001 in the UK, an internationally accepted standard that outlines how to put an effective environmental management system in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.