At this full-day event, you can expect:
We'll provide refreshments throughout the day, as well as a sit-down lunch. The event will be followed by a drinks reception.
Please complete the registration form. As there are limited spaces, your registration will be confirmed by a member of the team.
Emulating Ransomware Attacks Safely, presented by Tim Carrington
Ransomware attacks have long been a thorn in the side of every organization. In recent years, a number of prolific attacks have put the criminals behind them at the forefront of the blue team’s minds, causing many a sleepless night. How can information security professionals effectively, and safely, determine the impact that a ransomware attack would have on their organization? This talk will address just that. Through a worked example, Tim will demonstrate how a ransomware simulation assessment can be performed safely, whilst maximising the uplift in prevention, detection, and response capabilities.
The audience will learn:
Fighting Back Against Cobalt Strike, presented by Callum Roxan and James Dorgan
Cobalt Strike remains one of the most prevalent attack frameworks used by threat actors and has continued to grow in popularity. Regardless of the attacker’s motive, Cobalt Strike continues to play a recurring role in intrusions due to its wide availability, flexibility, and its ability to remain undetected on most victim networks.
In this talk Callum and James will discuss proven and effective strategies for detecting Cobalt Strike. This talk is built from insights gained over years of threat detection research, incident response cases, and managed detection and response investigations. They will break down recent real-world incidents, identifying and explaining the key detection opportunities in each incident and revealing the detection logic and strategies that have continually allowed them to stay one step ahead. Callum and James will provide insight into how attackers are leveraging Cobalt Strike in their attacks, and what can be learnt from their patterns of behaviour to help to develop robust detection capability.
What people will learn:
APF Authorized DSA Overflow, presented by Jake Labelle
Mainframes run the world, literally. If you have ever paid for something, a mainframe was involved! Booked a flight? Used a bank? Gone to college? A mainframe was involved. Do you live in a country with a government? Mainframes! The current (and really only) mainframe operating system is z/OS from IBM. Finding exploits on z/OS is no different than on any other platform. This talk will walk through how you too can become a mainframe exploit researcher! It starts with an intro to mainframes, then discusses using a native z/OS program, TSO TEST, to debug and reverse engineer authorized (APF) programs. The talk will conclude with a demo of a local privilege exploit getting key zero (mainframes use keys instead of rings).
Attendees to this talk will come away knowing more about mainframes and how they too can go about finding their own exploitable binaries.
Attack Detection in SaaS, presented by Christian Philipov
Organizations struggle with building meaningful attack detection for the Software-as-a-Service (SaaS) offerings they use. This usually leads to either too many low-fidelity alerts that exhaust your analysts, or too few to adequately detect malicious and anomalous activities.
In this talk attendees will learn:
Has Anyone Seen the Principal?, presented by Emilian Cebuc
Azure allows for privilege escalation via third-party service principals, if not carefully monitored. Depending on a user's assigned privileges in Azure Active Directory (AAD), that user can assign a password or certificate to O365 applications and then perform AAD actions as that application. This attack avenue is augmented by the fact that over 200 applications, with varying permissions assigned by default, are onboarded when integrating an O365 E3 or E5 license into a tenant. Microsoft does not view this as a security vulnerability or concern, leaving consumers to configure it in their Azure environment.
In this talk, Emilian will cover new Cypher queries that can be used to graphically display third-party service principals integrated with Azure and their dependent relationships, together with other useful reporting information. These queries can be used in isolation or as building blocks to map more complex relationships. This will enable security professionals to identify possible attack avenues and empower defenders to prioritize line-of-defense strategies. Where possible, we have implemented a few exploitation-attempting scripts that would report back on the effectiveness.
Esoteric C2, presented by Alfie Champion and James Coote
This talk will explore the weaponization of esoteric internal command and control (C2) channels and their use for lateral movement. Attendees will see demonstrations of novel and reimagined techniques for breaking out of heavily segregated environments, focusing on the services commonly observed to be bridging these environments, for example Active Directory and VMware. For each of the C2 channels shown, attendees can also expect insight into the actionable detection artefacts that these channels will produce.
What people will learn: