The Briefing, London

Join our next in-person UK Briefing for a range of technical and business-related insights shared exclusively by our security experts. Register now to book your seat. 

At this full-day event, you can expect:

• Technical and business-related insights
• Practical and actionable tips
• Guidance from cyber-security experts
• The opportunity to network with your peers and discuss your security concerns with our consultants 

We will provide refreshments throughout the day, as well as a a sit-down lunch. The event will be followed by a drinks reception. 

Please note that your registration will be confirmed by a member of the team. 

What is effective ransomware prevention: Insights from the Conti playbook, presented by Arran Purewal 

In 2021 and early 2022 technical documents were leaked by disgruntled affiliates from one of the longest running and most successful Ransomware as a Service operators CONTI. Aside from their political leanings and associations with nation states, this gave insights into multiple strands of interest from a Detection and Response perspective, their operator skill, the group’s technical proficiency and their preferred methods of exploitation at each kill chain stage.  

This talk will outline the best approach to ransomware prevention and provide valuable insights on the approaches necessary to detect, evict, and prevent ransomware operators from reaching their goals.

This talk is applicable to all organizations concerned about the threat of ransomware or looking to bolster their detection and response program.  

The audience will learn: 

• The techniques utilised by Conti and other ransomware actors
• The common low-level techniques used by attackers
• The mindset shift required to understand the most important aspects of ransomware prevention
• What good detection & response practice looks like to prevent all threats, not just ransomware actors 

•  

Thinking in graphs – data visualization for threat hunting, presented by Tom Barrow & Guilio Ginesi 

An adage within the cyber industry is that "Defenders think in lists. Attackers think in graphs". But what happens when Defenders too think in graphs? In this talk, we explore the importance of the way one visualises data in the context of threat hunting, the application of graph theory to this data, and introduce a recently developed data visualisation tool - 'Detectree'.

The audience will: 

• Learn why data visualisation is fundamental to threat hunting rather than just a ‘nice to have’
• Understand why ‘Continuous Improvement’ is important within Blue Teams
• Get access to a new tool!

Exploring the macOS endpoint security framework for threat detection, presented by Connor Morley

Endpoint Security Framework (ESF) is the somewhat new security auditing tool that Apple has introduced to provide the security industry with a one-stop shop for all its telemetry needs. The ESF is capable of providing real time telemetry for detection and automated defensive purposes. However, despite this component being introduced in 2019, it wasn’t until late 2020 that most of the industry started taking notice.  

This talk will provide an overview of ESF, why it was introduced, how the ESF can be used in active threat detection, the issues with data collection, and an example use case against the Meterpreter agent on macOS 11.2.2. 

The audience will learn: 

• What the Endpoint Security Framework is and why it was introduced to the macOS.
• How the ESF can be used from a technical perspective and some of the caveats that are involved with its implementation
• An understanding of the sort of telemetry that can be acquired easily via the ESF and its value to detection operations moving forward.  

Exploring untraditional attack surfaces, presented by Katie Inns & Jake Knott

Attack surfaces have evolved faster than our techniques for securing them, meaning organisations are now being forced to consider attack paths that would historically have been lower priority. Have you ever wondered how an attacker could enter your corporate network through an employee’s residential broadband? 

The rapid implementation of collaborative tooling and remote access solutions in recent years has seen an increase in misconfigurations and sensitive data exposure, creating new potential avenues for compromise. 

These types of attack path are often overlooked due to being outside the traditional scope of endpoints, domains and network blocks. However, it's these attack paths that can sometimes offer alternative routes to a foothold. 

This talk will look to explore various ways your organisation could be targeted through untraditional means, and how attackers can often gain significant insights prior to gaining a foothold on a corporate network. It will also look to discuss how organisations can identify and reduce these areas of their attack surface. 

In this talk, the audience will learn: 

• Real examples of untraditional attack paths discovered by the ASM team
• Why an organisation’s attack surface isn't isolated to endpoints, domains, netblocks and assets with sensors
• How organisations can detect and mitigate common untraditional attack surface exposure
• Why traditional vulnerability management can miss realistic attack paths

Mapping and exploring cloud access management at scale, presented by Nick Jones 

Tracking and managing access across a cloud estate is one of the biggest security challenges faced by many organizations, particularly as they scale up their cloud usage. The permissions systems implemented by the cloud providers are complex, out of necessity, to provide the required capabilities. However, this makes it very difficult to keep track of what users and systems can manipulate assets within an environment. This can lead to an attacker being able to escalate their privileges within a workload, or pivot from one cloud environment into another, as a result of unintended permissions being granted.  

In this talk, Nick will present several different approaches to enumerating and evaluating the true permissions of an entity across an AWS organization, highlight some practical steps an organization can take to immediately identify the most dangerous effective permissions, and discuss how similar techniques could be applied in future across other providers and in multi-cloud estates.