Donec maximus ipsum ligula, sit amet egestas magna vulputate a. Fusce ut viverra erat, molestie pulvinar turpis. Morbi metus quam, laoreet ut posuere vitae, euismod vel erat.
Morbi consectetur tortor sit amet tellus lacinia, a varius nibh hendrerit. Nullam ut quam fringilla, maximus turpis id, auctor ante. Morbi luctus id erat aliquet pellentesque. Interdum et malesuada fames ac ante ipsum primis in faucibus.
Duis diam arcu, mollis at nisi sit amet, maximus tempus nisl.
|09:00 - 09:20||Networking|
|09:30 - 10:00||Keynote and opening words|
|10:00 - 10:30||
Fusce ut viverra erat, molestie pulvinar turpis. Morbi metus quam, laoreet ut posuere vitae, euismod vel erat. Morbi consectetur tortor sit amet tellus lacinia, a varius nibh hendrerit.
|10:30 - 10:50||
Nullam ut quam fringilla, maximus turpis id, auctor ante. Morbi luctus id erat aliquet pellentesque.
Automating your Security in the Cloud - Nick Jones
As modern business is increasingly moving to the cloud, we're seeing more and more damaging effects from cloud-based attacks. However, much of this can be solved easily through automation and a fresh approach to enforce secure defaults. We'll give guidance on developing a strategy to cover Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and hybrid deployments within both AWS and Azure. We'll also share our research on automated techniques for assessing attack detection capability in the cloud.
Demystifying Cloud Forensics - Callum Roxan
The benefits of pay-as-you-go cloud infrastructure have led organizations to move significant chunks of their infrastructure to the cloud. This has changed the security paradigm, but has not prevented breaches and the need for forensic investigations within the cloud. How do you capture artefacts from or isolate a host you have no physical access to? This talk shall demystify many of the common misconceptions and show how any organisation can easily prepare their business to respond quickly to incidents in the cloud, and talk through some of the common best practices the MWR Incident Response team have developed to operate in this area.
An Ice-Cold Boot to Break BitLocker - Olle Segerdahl
A decade ago, academic researchers demonstrated how computer memory remanence could be used to defeat popular disk encryption systems. Today, most seem to believe that these attacks are too impractical for real world use. This talk will demonstrate techniques that allow recovery of BitLocker encryption keys from RAM on most, if not all, currently available laptops and tablets. These techniques allow bypassing of security controls such as password protected BIOS configuration, UEFI-based Secure Boot and the TCG Platform Reset Attack Mitigation by directly manipulating the firmware storage device.
Modern Mainframe Security - Pierrick Smet
Securing your mainframe is critical - this black box has been sitting on the network for years processing a large amount of sensitive data. You may not have looked at this for years, but it’s still just another technology, and like everything, you need to understand the security around it. We'll share our experience testing mainframe environments and the critical applications running on them. From this, we will share key recommendations to ensure access to your mainframes as well as the applications they host is appropriate to meet today's security challenges.
Detecting Attacks in Office 365 - Alex Davies
The majority of businesses today are moving to Office365, and consequently are keen to mitigate the associated risks. Based on our experience helping clients secure their O365 environments, we’ll give insight into the current threats we’re seeing, ways to avoid getting breached and how to threat hunt effectively. We’ll advise on what data sets to look at, effective use cases and anomalies commonly encountered, and our recommendations for how to implement detection and prevention based on real-world attacks.
Attack Aware Applications - Matthew Pendlebury and Calum Hall
Attack aware applications offer a compelling vision of deeply integrated security that works with the DevSecOps model. Attack aware applications can save you significant time and money on later stage testing through building security into existing applications without having to start from scratch. Rather building a firewall around them, applications can have their own anomaly and intrusion detection power. We’ll explain how to adapt open source code from the tool AppSensor to enhance the security around your own applications and we'll share best practice suggestions for standardizing the AppSensor detection points.
Specialist Software as a Target - Tim Carrington
Widely used software has long been a target for attacks – MSOffice attacks are so prevalent even general users understand the risks of enabling macros. However, less is known about attack techniques focused on specialist, industry specific solutions, and how to protect from these. We’ll share our research how large enterprise software can contain enough native functionality to facilitate a full compromise of an organisation, using AutoCad as a case study. Beyond this case study, we’ll demonstrate how legitimate functionality can be leveraged across the various stages of an attack, in seemingly low-risk software. We’ll share best practices when assessing the perceived threats within your organization and guidance on mitigating the risks.