Our annual flagship event took place in September 2024 at Eight Moorgate in London, where we were joined by clients, colleagues and friends to discuss topics ranging from penetration testing and cloud security, through to threat modelling and AI.
We also brought back the panel discussion – introduced at last year’s event – and discussed the role of accreditation and certification in cyber security.
Relive the day now and watch all the recordings from The Briefing.
The presentations
Redefining offensive security
Nick Jones, Global Head of Research
Cyber security as an industry dates back over 40 years now, and yet the total cost and impact of breaches seems to increase year on year. The fundamental approach of using offense to inform defense is necessary, and has been proven in other fields, but have we been applying it correctly within cyber security?
This talk runs through the history and current state of the industry, highlights some of the core deficiencies that exist today, and presents a vision for where and how the industry should develop to meet the current threat landscape.
Should you trust ChatGPT with your browser?
– or anything else
Donato Capitella, Principal Security Consultant
This presentation explored the practical risks of granting LLMs agency, that is, allowing them to perform actions on a user’s behalf, and how attackers might be able to exploit this in the real world. It looked at an emerging use case – autonomous browser agents – and explored how LLM agents work, the risk of indirect prompt injection and how to mitigate this.
GAppLocker
Lessons learned on application whitelisting
Roman Števaňák, Senior Security Consultant
Application whitelisting as a defense-in-depth security measure is of great importance, especially in virtual app deployments, or on jump hosts. However, with multiple mechanisms in play, like AppLocker, WDAC and different group policy settings, as well as a need for custom configuration for different systems, it is tricky to close all of the security gaps.
This session aims to clarify what the different elements of application whitelisting are on a standard Windows machine, and the pitfalls we often see during security assessments, as well as how they are usually bypassed during red team exercises. This should provide a clearer, more holistic picture of the different control mechanisms and their interplay.
One extra-large cloud assessment please?
Why testing at scale needs a different approach
Mohit Gupta & Christian Philipov, Principal Security Consultants
Cloud estates can vary vastly in size, from small single accounts, to large estates spanning multiple cloud providers. Assessing and assuring these larger environments is often a very complex undertaking, with large numbers of resources to review and secure.
This talk presents the methodologies and approaches developed by the speakers for effectively and efficiently performing large-scale cloud assessments covering an organization’s entire estate. It’ll compare and contrast these against common existing approaches and outline why new approaches were required. It’ll also cover common areas to prioritise for human assessment, how best to leverage existing tooling to support large-scale assessments, and how to optimise the time and effort spent to provide the best levels of assurance.
Kubernetes attack simulation
– the definitive guide
Leonidas Tsaousis, Senior Security Consultant
So your organization decided to follow the trend and switched to Kubernetes for hosting their applications. This means the mission for the SOC has now changed from monitoring servers and networks to building detective capability for a container orchestration platform. Where do you even start with Kubernetes TTPs?
Infrastructure technologies have changed rapidly, and adversaries have adapted. Despite the novelty of the attack surface, insider threats still remain relevant and prevention alone is not enough to manage the risk posed to the modern enterprise. This talk explains the benefits of investing in a proactive approach to the security of your Kubernetes clusters through collaborative purple teams, and will provide a comprehensive guide for doing so – as informed by our latest research and experience in running attack simulations against large enterprises.
Building resilient systems
– the power of threat modelling
Blake Hyatt, Senior Security & Risk Management Consultant
In this talk, we demonstrate how you can use threat modelling to identify potential security impacts to systems from the earliest stages of development throughout the lifecycle. This will help ensure your system will be resilient against the constantly changing threat landscape.
Hack to basics
Lessons learnt from pentest programmes
Caitlin Benade, Director of Consulting – Global
As a security consultancy, WithSecure is involved in pentest programmes across the world in many different industries. Despite the range and disparity in these programmes, we often encounter similar challenges and see the same things contributing to their success. This talk focuses on those commonalities and how we’ve seen challenges approached and addressed across different engagements.
Guardians of the digital realm
The crucial role of accreditation and certification in cyber security
Moderator:
Nick Jones, Global Head of Research
Panellists:
Andrew Jones, Strategy Director, The Cyber Scheme
Chris Gray, CISO, The Co-operative Bank
Stuart Morgan, Principal Consultant, WithSecure
This panel discussion explores the essential role of accreditation and certification in cyber security, looking at how they can help establish industry standards and meet regulatory requirements.
It addresses common challenges in obtaining and maintaining certifications, including the necessity of continuous learning and development with the resources available. The discussion illustrates how certified professionals enhance organizational security, and looks ahead to emerging trends and future predictions within the industry.
If you would like any more information on these topics, or to speak to one of our experts, please contact us here.