If you weren’t at IPEXPO Manchester to witness 44CON Cafe in action then you missed out on some great talks.
But luckily for you we have a recap of them all below.
Paul Pratley, Head of Investigations & Incident Response at MWR
Smoke Detectors & Super Spies
Paul’s talk looked at the cutest trends in serious and targeted security incidents in the UK and what you can do to get your cyber smoke detectors working. As a very UK centric Incident Response practice and operating under the CPNI cyber incident response scheme, MWR is able to observe the trending nature of data breach incidents in the UK. Despite the ever pervading perception of nation state actors and APTs being the principal threat using highly advanced tools and techniques, the reality we are seeing is that attackers are following some basic common methodologies. What most organisations fail to accomplish in their security postures is detection and response capabilities to deal with the reality of most common attacks. In addition, there is a marked lack of knowledge around the attack timelines and techniques that can be used to slow down attackers, trigger internal compromise alerting and carry out response in a timely manner to limit the damage to victim organisations.
Dean Brown – Red Team Engineer at Cortex Insight Limited
An examination of telephony security
Dean, a thoroughly interesting guy, gave a revised version of a talk he gave at Secure Word Expo 2003, but the topics of the original talk are still as applicable today as they were in 2003. Dean’s talk was split in to two parts.
During part 1, Dean did a review of old school phreak & hack of the PSTN/Office PBX systems mentioning the likes of John Draper, Kevin Mitnick and Stephen Wozniak. Part 2 focused on a Live, yes live, VoIP interception, looking at GSM.
Ben Williams – Senior Security Consultant for NCC Group UK
The L@m3ne55 of Passw0rds: Notes from the field
Ben’s talk was a Penetration Tester’s view on the world of passwords, describing the day-to-day experience of attacking networks and applications. Forget exploits and 0-day for the moment, this talk focuses on how attackers can gain and expand access using a variety of practical password attack techniques. NCC customers are often surprised when NCC gain unauthorised access with these techniques, especially when they have enforced a password strength policy and account lockout. In many cases these things can be merely a hindrance to a determined attacker.
If you have an interesting talk to share with us, why not submit it to our CFP?