Penetration Testing & Cyber Security Strategy Seminar

  • Leeds Marriott Hotel LS1 6ET United Kingdom

Seminar Overview

A strategic and practical overview of Network and Application vulnerabilities.

With the introduction of complex exploits and zero day vulnerabilities, security teams have the challenging task of prioritising, identifying and mitigating these threats. Education, Awareness and Visibility are the key to an effective Cyber Security strategy.

In this seminar we will discuss:

  • The most prominent vulnerabilities exploited today

  • A review of both technical and non-technical threats

  • Live demonstrations of attack techniques

  • Attack Patterns and their threat actors

  • Recommendations and remediation advice

  • Considerations when planning a Penetration Test

Presenter: Mark Carney

Mark is a CREST Penetration Tester (CRT) and Cryptography/Cyber Security researcher with a background in the delivery of Penetration Testing and Research Engagements for clients based in the UK and Germany. Mark has an MSc in Mathematics, specialising in Logic and Computability Theory, and is currently undertaking a PhD in Mathematical Logic.

Seminar Schedule

9.30 : Arrival and Refreshments

10.00 : Introduction

Understanding modern security risks, popular attack methods and reviewing real world examples in line with business impact and context

10.15 : Infrastructure & Application Security

  • A look at the OWASP Top 10 and SANS Top 25

  • Considerations for Web Application Security

  • Data theft and modification using SQL Injection

  • Direct attacks on published services

  • Defending against SQL Injection

  • Importance of a Detection in Depth approach

  • LIVE Capture the Flag Exploit

  • How can an attacker recover Plaintext Passwords?

  • Vulnerability scanning vs Manual Penetration Testing

  • What are the benefits of regular Vulnerability Scanning?

  • What is the effect of a Zero Day vulnerability on Cyber Security posture? Analysis of BlueKeep

11.30 : Social Engineering

  • How to defend against Credential Compromise and Malicious JavaScript

  • How to implement response playbooks

  • How to identify Spear Phishing emails with Malicious Website Links and Files

  • The importance of sufficient User Awareness Training

  • Spear Phishing, Vishing, SMS Phishing and their differences

  • Creating a “Human” Firewall

  • Manual vs Automated Phishing Assessments: what are the benefits?

12.30 : Lunch

13.30 : User Level Security

  • Evaluating Personal/User Level Security and Enforcing Good Behaviour

  • The importance of using Password Managers and Multi Factor Authentication

  • SMS vs App Based MFA Solutions - Pros and Cons?

  • How to hack an open laptop using BashBunny

  • What is Universal Two Factor Authentication?

  • Malicious DNS behaviour and bypassing Multi Factor Authentication

  • Working on the go - How Secure are you?

14.30 : Cyber Security Strategies

  • Identifying effective Cyber Security strategies and approaches

  • ATT&CK Knowledge Base from MITRE

  • What are Zero trust frameworks?

  • The OWASP Application Security Verification Standard (ASVS)

  • What is Analogue Network Security?

  • Looking at The InfoSec Skills Matrix

  • Identifying areas for staff development

  • Defense in Depth vs Detection in Depth?

  • Identifying the real cost of a Security Breach

  • Cybersecurity Readiness for Organisations

15.30 : Close, Q&A and Networking