The WithSecure Briefing

Wednesday, March 22nd, 2023
09:00 – 19:00
Tate Modern, London

Join us at our flagship event where, together with our partners and clients, we will consider upgrading security mindsets in ever changing technology and security landscapes.

  • Wednesday, March 22nd, 2023
  • 09:00 - 19:00
  • Tate Modern, London

Hosted by WithSecure's Chief Technology Officer, Tim Orchard, the day will include presentations from our leading cloud security, purple team, and attack detection experts. 

New additions to the Briefing format will entail:

  • Bringing to life our co-security partnerships as we put greater emphasis on sharing the stage with our clients and partners.
  • An overarching theme - 'Upgrading the Security Mindset' - to act as a strategic thread between the presentations as we consider how to stay ahead of new attacker techniques, tactics and processes.
  • Our first panel discussion, with participants from across WithSecure's partner and customer communities, who will help to draw actionable conclusions from the day's technical content.

Places are limited, please register your attendance below to secure your seat.

The presentations:

Dangers of Service as a Principal in Amazon Web Services

by Matthew Keogh and Tom Taylor MacLean

This talk will focus on AWS resource-based policies and how an attacker can use these to bypass permissions boundaries within an AWS account. Specifically, focus will be on how resource-based policies are misconfigured in the real world which can lead to resource or whole AWS accounts being exploited by an attacker.

The speakers will demonstrate the real-world impact this can have while highlighting certain AWS services and configurations that can be exploited by this attack. A less well-documented misconfiguration which is still often seen in engagements, and can unintentionally provide attackers with privileges, will be explored. Attack vectors with real impact are demonstrated before defences against these are explored. 



Az-ure Door Been Left Open? Common Azure Misconfigurations

by Aled Mehta

We often see a number of recurring issues across customer Azure and Azure AD environments. The benefit of remediating some of these issues is not always immediately visible and can often be outweighed by the cost associated with resolving it. The focus of this talk is to highlight some of the common cloud management challenges that enterprises face along with high level guidance for avoiding these issues or mitigating their impact. The talk aims to cover a range of issues from over privileged identities to poorly secured storage accounts.

The audience will be given context as to why some of these configurations are risky, what the potential impact can be, and what considerations can be made to avoid these configurations in the first place.

Pithing Needle: Detection of Sliver Command & Control

by Riccardo Ancarani

This talk will focus on the methods and techniques used to identify the presence of Sliver Command & Control (C2) implants, from a network, memory and OS artefact perspective. Recent threat intelligence showed that the usage of Sliver as a commodity C2 by criminals has increased over the past year, making it a pressing concern for organisations.

Building on the research done by Microsoft, this talk aims to provide a vendor-agnostic approach of detecting and defending against this type of threat. The audience will gain an understanding of the internals of the Sliver framework and its agents, as well as the tools and strategies available to security professionals to combat these attacks.

Increasing your Fiber Intake: Detecting Windows Fiber API Abuse

by Daniel Jary

This is a technical talk focusing on the lesser known subject of Windows Fibers; including how and why they are being abused by attackers and the challenges faced from a detection engineering perspective. It details the reverse engineering of the Windows Fiber APIs and how, by understanding the underlying mechanisms used, we are able to build forensically relevant telemetry from process memory. In addition, Daniel will demonstrate how an in house POC fiber enumeration tool can be used to detect fiber abuse.

How the DPRK like their Pizza: Lessons Learned from a Cyber Crisis

by Mehmet Mert Surmeli and Tim West

During Q4 2022, A proactive threat hunt by WithSecure Intelligence identified persistence access from a WithSecure Elements EPP (Endpoint Protection Platform) customer estate. Although initial indicators were linked to a ransomware actor, the WithSecure Incident Response team found the cyber-attack was conducted by a threat actor that WithSecure have attributed with high confidence to an intrusion set referred to as Lazarus Group.  

Tim and Mert will walk you through the timeline of the case from the perspective of the victim, showing how decisions taken early on can impact the investigation and cost of an incident. The presentation will also depict how good cyber threat intelligence can deliver a force multiplication effect in IR cases while considering where it can detract. 

How Attackers are Adapting in a SaaS World

by Luke Jennings (external presenter)

A WithSecure alumnus, Luke Jennings is now the VP of Research & Development at Push Security. More detail regarding this anticipated talk to follow shortly.

Register your attendance

We willl be in touch shortly to confirm your place in addition to the final agenda.