Security BSides - London

Tuesday, April 29, 2014 5 years ago ,

For the third year running MWR is proud to sponsor Security Bsides London

As a company we invest heavily in knowledge sharing and believe that events such as BSides London are invaluable to the community, providing a platform for discussion on the latest thinking and research in the InfoSec arena.

Talks spread across two tracks, attendees can also expect workshops, challenges, a rookie track as well as the legendary MWR after party!

Try your hand at Mission 3: The Geo-Cracker, developed by MWR’s Rob Miller.

Mission Overview:
Enemy spies are broadcasting encrypted coordinates of our key agents and installations! Analyse the enemy’s encryption algorithm and develop an efficient decryptor that will allow us to determine agents at risk in the field.

The competition has now closed – for results please see the Bsides Website

We are also proud to announce that Jon Butler and Rob Miller will be presenting at BSides, below are details of their presentations.

Poor Man’s Static Analysis – Jon Butler

When you’re hunting for bugs, let’s face it – grepping for strcpy just doesn’t cut it anymore. Instead of waiting for unsafe memory management functions to come back into fashion like moustaches or mustard coloured corduroys, I decided to check in with ""the future"", and see what it had to offer me.

What I found was a sea of similarly puzzled individuals, bizarre terminology, and a number of code snippets that would only compile on specific, different versions of libraries. So I set about piecing together what I could, and ended up producing a working tool in a fairly short period of time.

This talk shows what can be achieved if you want to build static analysis tools, and you don’t want to spend a load of money or upload all your precious code to “the cloud”. I will be making sense of the complex terminology surrounding this field, and detailing my struggles and conquests building a fast, flexible, and most importantly usable static analysis tool, all for free.

If you’re interested, but you wouldn’t know a TranslationUnit from a bar of soap, this is the talk for you!

Insecure out of the box: Leveraging Android manufacturer’s mistakes to attack corporate networks – Rob MIller

We have long known that Android can be affected by malware. Most users are now aware that they need to take care about what they install on their phones. But what about a brand new device that’s fresh out of the box? We will show that for two flagship Android devices, they are not as secure as people might suppose.

Android has been through a security revolution in the last year in response to an avalanche of malware designed to take advantage of its permissive behaviour. We will talk through the latest advances in what is by far the world quickest selling mobile platform. We will then look at how the race for new features and functionality is undermining security in the latest Android devices.

Finally we will look at how attackers can use these weaknesses to go beyond the realm of a person’s personal device and into their employer’s corporate network.

Keep up to date @mwrinfosecurity or @BSidesLondon



Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.