A strategic and practical overview of Network and Application vulnerabilities.
With the introduction of complex exploits and zero-day vulnerabilities, security teams have the challenging task of prioritising, identifying and mitigating these threats. Education, Awareness and Visibility are the key to an effective Cyber Security strategy.
In this seminar we will discuss:
The most prominent vulnerabilities exploited today
A review of both technical and non-technical threats
Live demonstrations of attack techniques
Attack Patterns and their threat actors
Recommendations and remediation advice
Considerations when planning a Penetration Test
Presenter: Mark Carney
Mark is a CREST Penetration Tester (CRT) and Cryptography/Cyber Security researcher with a background in the delivery of Penetration Testing and Research Engagements for clients based in the UK and Germany. Mark has an MSc in Mathematics, specialising in Logic and Computability Theory, and is currently undertaking a PhD in Mathematical Logic.
9.30 : Arrival and Refreshments
10.00 : Introduction
Understanding modern security risks, popular attack methods and reviewing real world examples in line with business impact and context
10.15 : Infrastructure & Application Security
A look at the OWASP Top 10 and SANS Top 25
Considerations for Web Application Security
Data theft and modification using SQL Injection
Direct attacks on published services
Defending against SQL Injection
Importance of a Detection in Depth approach
LIVE Capture the Flag Exploit
How can an attacker recover Plaintext Passwords?
Vulnerability scanning vs Manual Penetration Testing
What are the benefits of regular Vulnerability Scanning?
What is the effect of a Zero Day vulnerability on Cyber Security posture? Analysis of BlueKeep
11.30 : Social Engineering
How to defend against Credential Compromise and how to implement response playbooks
How to identify Spear Phishing emails with Malicious Website Links and Files
The importance of sufficient User Awareness Training
Spear Phishing, Vishing, SMS Phishing and their differences
Creating a “Human” Firewall
Manual vs Automated Phishing Assessments: what are the benefits of each?
12.30 : Lunch
13.30 : User Level Security
Evaluating Personal/User Level Security and Enforcing Good Behaviour
The importance of using Password Managers and Multi Factor Authentication
SMS vs App Based MFA Solutions: Pros and Cons
How to hack an open laptop using BashBunny
What is Universal Two Factor Authentication?
Malicious DNS behaviour and bypassing Multi Factor Authentication
Working on the go - How Secure are you?
14.30 : Cyber Security Strategies
Identifying effective Cyber Security strategies and approaches
ATT&CK Knowledge Base from MITRE
What are Zero trust frameworks?
The OWASP Application Security Verification Standard (ASVS)
What is Analogue Network Security?
Looking at The InfoSec Skills Matrix
Identifying areas for staff development
Defense in Depth vs Detection in Depth?
Identifying the real cost of a Security Breach
Cybersecurity Readiness for Organisations
15.30 : Close, Q&A and Networking