SyScan 2015

Thursday, March 26, 2015 2 years ago ,

SyScan is a deep knowledge technical security conference in Singapore. This year, MWR will be sharing the latest Windows 0-days and providing Android Security training.

Calendar

We’re pleased to be attending SyScan again this year and are even more pleased to be presenting our latest research on Windows Group Policy for the first time publicly. In addition to this exciting talk, MWR will also be offering a training course on Android Security.

Event Description

The Symposium on Security for Asia Network (SyScan) aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScan is not a product or vendor conference that is sales and marketing oriented, SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.

SyScan 2015 website

Talks presented by MWR

Topic: How to own any windows network via group policy hijacking attacks
Speaker: Luke Jennings

Abstract:
Group Policy is a key central management technology component of Microsoft Windows domain-based networks. Its power, flexibility, scalability and ease-of-use are probably one of the key reasons that Microsoft Windows has maintained complete dominance in the business desktop market in spite of significant competition in the consumer market by Apple and Google. However, with great power comes great responsibility (Could. Not. Resist.)

This talk will demonstrate how an attacker with the ability to intercept network traffic can gain SYSTEM level code execution on any domain member within a windows domain in default configuration up to and including Windows 8.1/2012R2. Additionally, two specific vulnerabilities will be described that allow this attack to work even when using more secure configuration options, such as those available via Microsoft Security Compliance Manager.

You can register for tickets to SyScan 2015 here

Android Security Training Course

The Android Security Training gives you hands on experience in identifying and exploiting the latest categories of vulnerabilities against modern Android applications. Experienced Android security researchers will guide you through a range of applications based on real world examples. You’ll use the latest testing tools to assess, unravel and exploit applications, and learn about vulnerability classes unique to Android. The course has been tried and tested at multiple security conferences, however we’ve added a full day of new content, just for Syscan attendees!

You will learn:
- To analyze applications from an attacker’s perspective
- To understand the latest attack vectors against Android applications
- The limitations of the Android security model and how to mitigate those risks
- To perform black box security assessments against real world applications using the latest tools
- To produce proof of concept exploits against a range of Android vulnerabilities

For more details or to book this training session click here

 

 

Accreditations

As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
We are certified in the ISO 9001 quality management system (QMS) in the UK, ensuring reliable delivery of our products and services.
We are certified to comply with ISO 14001 in the UK, an internationally accepted standard that outlines how to put an effective environmental management system in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR are approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.