Friday, January 26, 2018, 09:00 - 17:00
We’ll hold the first UK Briefing of 2019 in January where we will be presenting our research and insight on managing risks posed by cloud, mainframes, targeted software and supply-chain attacks.
Register early to reserve your place – by invitation only
As modern business is increasingly moving to the cloud, we're seeing more and more damaging effects from cloud-based attacks. However, much of this can be solved easily through automation and a fresh approach to enforcing secure defaults. We'll give guidance on developing a strategy to cover Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and hybrid deployments within both AWS and Azure. We'll also share our research on automated techniques for assessing attack detection capability in the cloud.
The benefits of pay-as-you-go cloud infrastructure have led organizations to move significant chunks of their infrastructure to the cloud. This has changed the security paradigm, but has not prevented breaches or removed the need for forensic investigations within the cloud. How do you capture artefacts from, or isolate, a host you have no physical access to? This talk will dispel many of the common misconceptions, show how any organisation can easily prepare its business to respond quickly to incidents in the cloud, and talk through some of the common best practices the MWR Incident Response team have developed to operate in this area.
A decade ago, academic researchers demonstrated how computer memory remanence could be used to defeat popular disk encryption systems. Today, most seem to believe that these attacks are too impractical for real-world use. This talk will demonstrate techniques that allow recovery of BitLocker encryption keys from RAM on most, if not all, currently available laptops and tablets. These techniques allow bypassing of security controls such as password-protected BIOS configuration, UEFI-based Secure Boot and the TCG Platform Reset Attack Mitigation by directly manipulating the firmware storage device.
Securing your mainframe is critical - this black box has been sitting on the network for years processing a large amount of sensitive data. You may not have looked at this for years, but it’s still just another technology, and like everything, you need to understand the security around it. We'll share our experience testing mainframe environments and the critical applications running on them. From this, we will share key recommendations to ensure access to your mainframes as well as the applications they host is appropriate to meet today's security challenges.
The majority of businesses today are moving to Office365, and consequently are keen to mitigate the associated risks. Based on our experience helping clients secure their O365 environments, we’ll give insight into the current threats we’re seeing, ways to avoid getting breached and how to threat hunt effectively. We’ll advise on what data sets to look at, effective use cases and anomalies commonly encountered, and our recommendations for how to implement detection and prevention based on real-world attacks.
Attack-aware applications offer a compelling vision of deeply integrated security that works with the DevSecOps model. They can save you significant time and money on later-stage testing by building security into existing applications without having to start from scratch. Rather than building a firewall around them, applications can have their own anomaly and intrusion detection power. We’ll explain how to adapt open source code from the tool AppSensor to enhance the security around your own applications and we'll share best practice suggestions for standardizing the AppSensor detection points.
Widely used software has long been a target for attacks – MSOffice attacks are so prevalent even general users understand the risks of enabling macros. However, less is known about attack techniques focused on specialist, industry-specific solutions, and how to protect against them. We’ll share our research on how large enterprise software can contain enough native functionality to facilitate a full compromise of an organisation, using AutoCAD as a case study. Beyond this case study, we’ll demonstrate how legitimate functionality can be leveraged across the various stages of an attack, in seemingly low-risk software. We’ll share best practices for assessing the perceived threats within your organization and guidance on mitigating the risks.