The MWR Briefing: London

Friday, January 26, 2018 09:00 - 17:00

We’ll hold the first UK Briefing of 2019 in January where we will be presenting our research and insight on managing risks posed by cloud, mainframes, targeted software and supply-chain attacks.

Register early to reserve your place – by invitation only

This MWR Briefing has passed, but you can sign up to be notified of future events, or register for another of our upcoming events by visiting our MWR Briefings page.

Agenda and presentation topics

Automating your Security in the Cloud - Nick Jones

As modern business is increasingly moving to the cloud, we're seeing more and more damaging effects from cloud-based attacks. However, much of this can be solved easily through automation and a fresh approach to enforce secure defaults. We'll give guidance on developing a strategy to cover Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and hybrid deployments within both AWS and Azure. We'll also share our research on automated techniques for assessing attack detection capability in the cloud.

Demystifying Cloud Forensics - Callum Roxan

The benefits of pay-as-you-go cloud infrastructure have led organizations to move significant chunks of their infrastructure to the cloud. This has changed the security paradigm, but has not prevented breaches and the need for forensic investigations within the cloud. How do you capture artefacts from or isolate a host you have no physical access to? This talk shall demystify many of the common misconceptions and show how any organisation can easily prepare their business to respond quickly to incidents in the cloud, and talk through some of the common best practices the MWR Incident Response team have developed to operate in this area.

An Ice-Cold Boot to Break BitLocker - Olle Segerdahl

A decade ago, academic researchers demonstrated how computer memory remanence could be used to defeat popular disk encryption systems. Today, most seem to believe that these attacks are too impractical for real world use. This talk will demonstrate techniques that allow recovery of BitLocker encryption keys from RAM on most, if not all, currently available laptops and tablets. These techniques allow bypassing of security controls such as password protected BIOS configuration, UEFI-based Secure Boot and the TCG Platform Reset Attack Mitigation by directly manipulating the firmware storage device.

Modern Mainframe Security - Pierrick Smet

Securing your mainframe is critical - this black box has been sitting on the network for years processing a large amount of sensitive data. You may not have looked at this for years, but it’s still just another technology, and like everything, you need to understand the security around it. We'll share our experience testing mainframe environments and the critical applications running on them. From this, we will share key recommendations to ensure access to your mainframes as well as the applications they host is appropriate to meet today's security challenges.

Detecting Attacks in Office 365 - Alex Davies

The majority of businesses today are moving to Office 365, and consequently are keen to mitigate the associated risks. Based on our experience helping clients secure their O365 environments, we’ll give insight into the current threats we’re seeing, ways to avoid getting breached and how to threat hunt effectively. We’ll advise on what data sets to look at, effective use cases and anomalies commonly encountered, and our recommendations for how to implement detection and prevention based on real-world attacks.

Attack Aware Applications - Matthew Pendlebury and Calum Hall

Attack aware applications offer a compelling vision of deeply integrated security that works with the DevSecOps model. Attack aware applications can save you significant time and money on later stage testing through building security into existing applications without having to start from scratch. Rather than building a firewall around them, applications can have their own anomaly and intrusion detection power. We’ll explain how to adapt open source code from the tool AppSensor to enhance the security around your own applications and we'll share best practice suggestions for standardizing the AppSensor detection points.

Specialist Software as a Target - Tim Carrington

Widely used software has long been a target for attacks – MS Office attacks are so prevalent even general users understand the risks of enabling macros. However, less is known about attack techniques focused on specialist, industry-specific solutions, and how to protect from these. We’ll share our research on how large enterprise software can contain enough native functionality to facilitate a full compromise of an organisation, using AutoCAD as a case study. Beyond this case study, we’ll demonstrate how legitimate functionality can be leveraged across the various stages of an attack, in seemingly low-risk software. We’ll share best practices when assessing the perceived threats within your organization and guidance on mitigating the risks.

What is the MWR Briefing?

MWR Briefings challenge perceptions and offer insights into the fast-paced arena of information security.

Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisations' adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.