The UK Briefing 2024

We also brought back the panel discussion – introduced at last year’s event – and discussed the role of accreditation and certification in cyber security.

The presentations

Redefining offensive security

Nick Jones, Global Head of Research


Cyber security as an industry dates back over 40 years now, and yet the total cost and impact of breaches seems to increase year on year. The fundamental approach of using offense to inform defense is necessary, and has been proven in other fields, but have we been applying it correctly within cyber security?

This talk runs through the history and current state of the industry, highlights some of the core deficiencies that exist today, and presents a vision for where and how the industry should develop to meet the current threat landscape.

Should you trust ChatGPT with your browser?

– or anything else

Donato Capitella, Principal Security Consultant

(Video to be added soon)


This presentation explored the practical risks of granting LLMs agency (that is, allowing them to perform actions on a user’s behalf) and how attackers might be able to exploit this in the real world. It looked at an emerging use case – autonomous browser agents – and explored how LLM agents work, the risk of indirect prompt injection and how to mitigate this.

GAppLocker

Lessons learned on application whitelisting

Roman Števaňák, Senior Security Consultant

Application whitelisting as a defense-in-depth security measure is of great importance, especially in virtual app deployments, or on jump hosts. However, with multiple mechanisms in play, like AppLocker, WDAC and different group policy settings, as well as a need for custom configuration for different systems, it is tricky to close all of the security gaps.

This session aims to clarify what the different elements of application whitelisting are on a standard Windows machine, and the pitfalls we often see during security assessments, as well as how they are usually bypassed during red team exercises. This should provide a clearer, more holistic picture of the different control mechanisms and their interplay.

One extra-large cloud assessment please?

Why testing at scale needs a different approach

Mohit Gupta & Christian Philipov, Principal Security Consultants

Cloud estates can vary vastly in size, from small single accounts, to large estates spanning multiple cloud providers. Assessing and assuring these larger environments is often a very complex undertaking, with large numbers of resources to review and secure.

This talk presents the methodologies and approaches developed by the speakers for effectively and efficiently performing large-scale cloud assessments covering an organization’s entire estate. It’ll compare and contrast these against common existing approaches and outline why new approaches were required. It’ll also cover common areas to prioritise for human assessment, how best to leverage existing tooling to support large-scale assessments, and how to optimise the time and effort spent to provide the best levels of assurance.

Kubernetes attack simulation

– the definitive guide

Leonidas Tsaousis, Senior Security Consultant

So your organization decided to follow the trend and switched to Kubernetes for hosting its applications. This means the mission for the SOC has now changed from monitoring servers and networks to building detective capability for a container orchestration platform. Where do you even start with Kubernetes TTPs?

Infrastructure technologies have changed rapidly, and adversaries have adapted. Despite the novelty of the attack surface, insider threats still remain relevant and prevention alone is not enough to manage the risk posed to the modern enterprise. This talk explains the benefits of investing in a proactive approach to the security of your Kubernetes clusters through collaborative purple teams, and will provide a comprehensive guide for doing so – as informed by our latest research and experience in running attack simulations against large enterprises.

Building resilient systems

– the power of threat modelling

Blake Hyatt, Senior Security & Risk Management Consultant

In this talk, we demonstrate how you can use threat modelling to identify potential security impacts to systems from the earliest stages of development throughout the lifecycle. This will help ensure your system will be resilient against the constantly changing threat landscape.

Hack to basics

Lessons learnt from pentest programmes

Caitlin Benade, Director of Consulting – Global

As a security consultancy, WithSecure is involved in pentest programmes across the world in many different industries. Despite the range and disparity in these programmes, we often encounter similar challenges and see the same things contributing to their success. This talk focuses on those commonalities and how we’ve seen challenges approached and addressed across different engagements.

Guardians of the digital realm

The crucial role of accreditation and certification in cyber security

Moderator:
Nick Jones, Global Head of Research

Panellists:
Andrew Jones, Strategy Director, The Cyber Scheme
Chris Gray, CISO, The Co-operative Bank
Stuart Morgan, Principal Consultant, WithSecure

This panel discussion explores the essential role of accreditation and certification in cyber security, looking at how they can help establish industry standards and meet regulatory requirements.

It addresses common challenges in obtaining and maintaining certifications, including the necessity of continuous learning and development with the resources available. The discussion illustrates how certified professionals enhance organizational security, and looks ahead to emerging trends and future predictions within the industry.
