The MWR Briefing: London, May 2019

Thursday, May 23, 2019 4 months ago 09:00 - 20:00 London

We are looking forward to our next MWR Briefing, which will take place in May at a central London location.

If you would like to attend, please register your interest below and we will confirm your place. We would like to thank you for registering your interest in the event – we look forward to seeing you there.

Please find the presentation topics and further details below.


Register for a place at the MWR Briefing

This MWR Briefing has passed, but you can sign up to be notified of future events, or register for another of our upcoming events by visiting our MWR Briefings page.

*Request your place early to avoid disappointment!*

Our Briefings have become must-attend events for cyber security experts in every industry, combining cutting edge insights with practical 'how to' tips and guidance.

Presentation topics

Real-time Attack Path Visualisation – Jacques Louw

Predicting attack paths based on an organization’s own environments is extremely useful when assessing risk and designing defences. However, attackers have made significant advances in using offensive tools such as Bloodhound to identify and navigate paths through complex IT environments, putting organizations on the back-foot. In this talk, we will explore how to adapt offensive techniques to support the identification of attack paths in an efficient, automated way. We’ll also look at how this can be visualized in real-time, giving blue teams a fighting chance against modern threats.

During the coffee breaks, Jacques will walk you through the tool we’ve developed to visualize attack paths from a practical perspective through a demo session.

Unshrouding the cloud: applying old tricks to new problems – Craig Koorn

With 4000+ distinct permissions (and counting), understanding how access is managed within an AWS environment is often a daunting and time-consuming task requiring expert capability. Whilst developing this understanding can be a costly endeavor, not doing so could prove more expensive. This talk explores new challenges cloud-based technologies present and how they can be approached by applying traditional offensive security testing concepts. We will present research we’ve been conducting in this area, discuss insights we’ve gathered along the way, and showcase tooling we are actively developing to equip organizations with situational context.

During the coffee breaks, Craig will walk you through how this tool works from a practical perspective through a demo session alongside Jacques’.

Incident Response and the three C’s; Context, Collaboration, and Control – Matt Lawrence and Alex Davies

It’s important to be realistic about compromises and the fact they occur – which is why incident response (IR) should be a focus for all organizations. And while every company wants their own security team, it’s not always possible. During this talk, you’ll discover some quick wins you can put into place to make immediate reductions in response time.

This talk also covers our vision for the future of IR – where greater context and collaboration leads to increased control - plus the key lessons companies need to learn in order to be prepared for compromise and improve their response capabilities. We’ll also look at the impact early detection has on IR and why it’s just as important.

Practical advice for Active Directory attacks – David Middlehurst

To achieve their goals and objectives, attackers usually need to elevate their privileges within Active Directory, which is why this is at the centre of almost all enterprise attacks. In this presentation, we will explore the most prevalent escalation paths, detail our research on novel techniques that attackers utilize in these processes, and revisit older (but still prevalent) Tactics Techniques and Procedures. You’ll receive guidance on preventative and detective controls that an organization can implement, based on our vast experience of defending against real-world attacks of this nature.

Under ATT&CK: Data-driven Purple Teaming – Alfie Champion

Cybersecurity’s all about reducing risk by being able to predict, prevent, detect, and respond to attacks. Purple teaming can be incredibly helpful in quantifying detective capability and evaluating processes end-to-end, but business context must be taken into account to operate in a threat-driven way – a factor we’ll dive into in this talk.

We’ll also look at how the MITRE ATT&CK framework can be an enabling factor, but isn’t a one-stop-shop for detection and defence. And, based on our experience of data-driven purple teaming, we’ll showcase information we’ve gathered on detection capabilities across industries – so if you’ve ever wondered how others are performing, you’ll find out in this presentation. We will focus on performance at individual stages of the Cyber Kill Chain, providing key insights into common detective deficiencies in your industry.

Hybrid mobile application development, the past, the present, the future – Stefano Farletti

Hybrid Mobile Applications are now increasingly used by businesses due to their excellent UI and their faster development cycles. They’re also easier and faster to develop than a native app. So with more organizations using them, how can they ensure security risks are reduced? During this talk, we will explore the evolution of the ‘hybrid application’ development, focusing on how they widen the attack surface compared with a native application and how to mitigate these risks. We will also review Cordova and React Native, and discuss Flutter – the upcoming hybrid SDK by Google - and why you should be getting familiar with this kit.

Here are some comments shared by our guests at our last Briefing

“Informative, thought provoking, great networking” - CISO, Finance

“Excellent event, very well organised, at a great location and a wide range of information and knowledge shared” - Head of IT, Manufacturing

“Gives good insight into the threat landscape and current techniques used by malicious actors” - Customer Solution Architect, Public Sector

“Attend this event if you can” - Pen tester, Technology


What is the MWR Briefing?

MWR Briefings challenge perceptions and offer insights into the fast-paced arena of information security.


+ learn more

Home featured
Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.