

George Coldham
Speaker, Trainer, Mentor. Meetup Leader | Cloud Solution Architect @ Microsoft
Perth, Australia
George Coldham is a Cloud Solution Architect @ Microsoft, and an expert in Microsoft Security.
An experienced international public speaker, he loves to share his experience and stories with a global audience. Focused on the intersection of people with technology, whether it's his home ground of Security or emerging technologies such as Generative AI, he speaks with enthusiasm.
A lifelong learner and teacher, George spends his days solving problems at scale for his customers, building community locally through hosting meetups, and mentoring those who wish to learn with him. George is a Microsoft Certified Trainer and maintains 15 Microsoft certifications across the Microsoft Security and Azure space.
George loves food, travel and music. His ideal holiday is either exploring somewhere remote, or a place with delicious food and drink to devour, live music to enjoy, and good friends to celebrate it with.
The Developer's Solution to Application Control: Custom Managed Installers
There are many ways to have development environments. Containers, virtual machines, virtual environments even... but sometimes you need the flexibility to install software on your development system, and in an environment with application control using 'Application Control for Business' this can be tough.
Depending on the organisation it may require forms, pushing new policies and testing by someone who may not understand the requirement, all so you can test a feature with the new version of "insert package/framework here". This takes time, and slows down productivity.
It's important for organisations to have these governed environments to meet industry and regulatory standards, but surely there must be a way to allow the developer flexibility with their system, and even trust they would do the right thing.
Attend this session to understand how you can implement a custom managed installer with your Application Control for Business policies and use a package manager system such as Chocolatey to give Developers that flexibility in different versions or even new software as needed.
Lastly, we'll discuss how you can govern an environment such as this to ensure the maintenance of your security posture and environment.
The Anatomy of a Ransomware Attack
Ransomware is big business, with total recorded payments exceeding $1 billion in 2023, an 18% year-on-year growth. The barrier to entry has never been lower, with Ransomware as a Service (RaaS) removing the need for deep technical expertise and opening the door to opportunistic criminals with business nous and temerity to conduct such activity. Small to medium-sized businesses, as well as large enterprises, are equally vulnerable to these attacks, which often begin with simple phishing emails or exploit kits.
In this talk, we will step through a ransomware attack, following commonly used tactics from prevalent groups such as REvil, Ryuk, and Sodinokibi. For each step of the attack, options for mitigating risk or reducing the likelihood of success will be given, including strategies for improving email security, network segmentation, and incident response.
By attending this session, you will:
+ Understand the anatomy of a ransomware attack, including the tactics and techniques used by prevalent groups
+ Learn how to identify and mitigate the risks associated with ransomware attacks, including phishing, exploit kits, and lateral movement
Securing Cloud identities in Azure
Cloud Identities are the secure boundary protecting all cloud resources, whether infrastructure, platform or software as a service offering. The 2023 State of the Cloud Permissions Risk Report, commenting on problems common to all public clouds, shares the following:
• Identities are only using 1% of granted permissions
• Workload identities are using less than 5% of their assigned permissions, and more than 80% of these accounts are inactive.
• There are on average 200+ services across cloud providers and common practices grant access to new services as they are released.
This technical discussion will cover the various types of identities used in public cloud including use cases, common misconfigurations and how they are exploited. Key takeaways include best practice implementation, understanding how to monitor and govern identities in Azure, and security tooling.
How to use Microsoft's Graph API
Microsoft's Graph is a RESTful web API that enables you to access Microsoft Cloud service resources. These span from Office 365 apps and data, Microsoft Security, Microsoft Azure services and all the data held within.
The Graph API is essential to programmatically engage with the Microsoft cloud and automate boring administrative tasks and create templates for complicated tasks, essentially freeing up your time from mundane activity to do more fun, interesting things.
The workshop will cover the following:
Agenda
Introduce myself
Set up your own demo M365 Developer Tenant
What is Graph API
What can it do?
Introduce Graph API Reference
Introduce the Graph Explorer
- Activity to use Graph Explorer
Application Registration, what is it and why?
Register an Azure AD Web Application
- Activity: Register an application in Azure AD
Defining Application Scope
- Activity: Grant access to M365 tenant
Authentication Methods
- Activity: Set a password
- Activity: Use a certificate to authenticate
Postman for API development
- Activity: Set up Postman to use with Graph API
- Activity: Querying Graph API with Postman
Using scripts with Graph API (PowerShell/Python)
- Activity: Writing scripts to engage with Graph API
- Activity: Writing scripts to GET data
- Activity: Writing scripts to PUT data
Securing your password
- Activity: Methods to protect client secrets
Securing the application authentication
- Activity: Restricting access to application with conditional access.
All participants will get access to a GitHub repository with full instructions, workbook to follow, example scripts and links to supporting documentation.
While Microsoft Graph is the vehicle being used in this session the lessons learned will allow the participant to connect to and use any other RESTful API with confidence.
The participants will learn how to use Graph API to simplify their daily tasks and have the start of a journey in programmatically evolving their job.
From prompt to protocol, securing AI agents and MCP
AI isn’t just about asking chatbots questions anymore; it’s about building agents that think, act, and share context automatically. Each evolution, from basic LLM hacks like prompt injections and jailbreaks to full-blown agent workflows, opens new doors for attackers.
In this session, I’ll take you on a journey through real-world examples of how these risks multiply, and then zero in on the Model Context Protocol’s own blind spots.
You’ll walk away confident with four straightforward mitigations, leaving you ready to implement on Monday morning to make your AI systems tougher.
Exploring Azure OpenAI for Responsible AI and Generative Models
Artificial Intelligence (AI) is changing the way we interact with technology, and with great power comes great responsibility. Businesses are in equal parts excited about the potential to innovate and grow by leveraging this technology, and afraid of losing control of their IP, and their understanding of how their business runs.
In this session, we will explore the connection between AI, Responsible AI, and text, code, and image generation. We'll talk about the opportunity and the risks and give some advice on how to stay safe while leveraging generative AI.
By the end of this session, attendees will:
* Understand Azure OpenAI Service and its capabilities
* Learn about generative AI models
* Acquire knowledge on how to operationalize responsible AI practices in your enterprise
* Familiarize yourself with the strategies to incorporate security, privacy, governance, and compliance in your AI-integrated applications.
Application Consent - Persistent access for the good and bad!
Application consent allows a third-party platform as a service to gain persistent access to resources in your environment. This can be something simple like automation scripts, using a GitHub account to log into Hacktoberfest, or granting access to email and calendar for built-in productivity apps on a mobile phone.
Recent high profile security incidents have shown how application consent and service principals can be exploited for persistent access. Management of the application consent process and environment access by service principals remained free and unfettered in many environments, allowing malicious actors to do what they wanted in a largely unobserved manner.
This talk will explain the application consent process, how service principals are used and why as an application developer you should ensure you request only the minimum permissions required for your application to work. Additionally, attendees will leave with a clear understanding of how to identify and avoid the many security risks associated with the misuse of security principals.
AI Security Posture Management with Defender for Cloud
Defender for Cloud is Microsoft's multi-cloud CNAPP (Cloud Native Application Protection Platform), and through Defender CSPM (Cloud Security Posture Management) it proactively assists in protecting your AI applications hosted in your public cloud environments.
This session will explain the capability of AI SPM (Security Posture Management) to protect applications, manage AI dependencies, IaC (Infrastructure as Code) misconfigurations and container images for vulnerabilities. Learn how this powerful tooling integrates with your developer workflow and provides a governance view for organisations to maintain consistent work practices across the organisation and a secure cloud environment.
Custom Managed Installers for Windows Defender Application Control
Organisations are compelled to implement Application Control solutions to meet security regulations for both internal organisational policy as well as guidance from bodies such as NCSC, ACSC or NIST.
Often the decision to implement these security controls is made by people who do not understand the impact on productivity for advanced technology workers such as developers and engineers, creating the need for complicated configurations and solutions to meet the regulatory obligation and needs of the workforce.
This talk will provide a meaningful compromise to this problem using Managed Installers in Windows Defender Application Control. Attend this session to learn how to create flexibility while still maintaining control of your environment.
There will be demonstrations of the solution, including example configurations and installations using popular package managers such as brew or Chocolatey, enabling professionals' productivity while reducing the risk of ransomware or other malicious software being able to have free rein on the system.
What I learnt about automating security
By 2025 there will be an estimated 3.5 million cyber security jobs open globally. This is up from 1 million in 2014. This is a problem that will impact most organisations globally as they struggle to find qualified talent to manage their daily cyber security operations as well as engage in projects and product development.
Cyber Security is often delegated as 'someone else's problem', much like you don't think it will be your house that is broken into or your belongings that are stolen. Sadly, it often becomes a priority too late, usually after an incident occurs and remediation after the activity is needed.
To combat this, I wanted to investigate what an organisation can do to automate as many security functions as possible to supplement staff, not replace them, and lighten the workload of already beleaguered security teams. This session will describe what I have found, what is working, and where the shortfalls are. The session will cover as many broad aspects as possible of an organisation's IT operations and project life cycles, including systems and application development, building and managing infrastructure, as well as the humans that rely on these systems.
This session won't be a deep dive in any one area; it will be a bird's eye view of end-to-end cyber security for a business.
From Tech Confidence to Cyber Victim: The Irony of Pig Butchering Scams
"From Tech Confidence to Cyber Victim" offers a compelling look into the world of 'pig butchering' scams, where the very strengths that define IT professionals can become their greatest vulnerabilities. This talk explores the ironic twist where high confidence in technological expertise leads even the most seasoned IT experts into the traps of sophisticated online fraud.
We'll examine how the unique skills and attributes of IT professionals—such as a deep understanding of complex systems, problem-solving abilities, and routine exposure to cyber risks—can paradoxically make them more susceptible to these emotionally driven scams. Delving into real-life examples, we illustrate how scammers artfully blend technical jargon with psychological manipulation, exploiting the blind spots created by tech confidence.
This session is designed to bridge the gap between technical know-how and the often-overlooked human element of cybersecurity. Attendees will learn about the subtle intricacies of 'pig butchering' scams, why their professional expertise might not be the complete armour they thought it was, and how to develop a more holistic approach to digital safety and scepticism.
Join us for an enlightening journey from the peaks of tech confidence to the unforeseen valleys of cyber victimhood and arm yourself with the knowledge to defend against the ironies of modern cyber threats.
Microsoft Security Fundamentals Exam Prep Workshop
Microsoft is the fastest growing Cyber Security company by market size and spans your entire digital estate, leading the way by leveraging AI to protect, detect and respond to incidents in your environment.
The SC-900: Microsoft Security, Compliance, and Identity Fundamentals exam assists a candidate with getting a foundational knowledge of the breadth of the Microsoft Security solution, and provides a solid base of knowledge for a professional to engage with their business on these topics, or progress with their professional development in other certification.
Our intensive prep session will be conducted by two Microsoft-certified trainers who have extensive experience in preparing candidates to pass this exam. The session will provide participants with comprehensive guidance, insider tips, and practical insights to ensure their as they pass this exam and continue their Microsoft certification journey.
Securing Cloud API Access
All public cloud providers have multiple interfaces for managing your infrastructure and applications hosted within. If you were to follow a journey of cloud maturity you start with click-ops authenticated via username and password, and progress towards automation leveraging programmatic methods using API.
A recent survey showed that 75% of participants found it daunting to leverage Cloud API due to getting credentialed access. Starting to learn this can be daunting even if you are a seasoned IT professional. Where do you start? How do you authenticate? How do you secure your solution using best practice?
Attend this session to get a kick start on leveraging APIs in public cloud, ways to get API access, how to secure this access, and resources you can take away to continue your learning journey.
Developers, the new targets in the cyber battleground.
Developers are the driving force behind value creation in today's digital age. They have the superpower to turn code into revenue-generating products that can scale to unicorn proportions. However, with great power comes great responsibility. Developers are granted extensive permissions to do their work, but these same permissions can also pose a security risk if they fall into the wrong hands. That's why it's crucial to implement security measures that protect your organization without hindering your developers' productivity.
Join us for a talk on practical tips for securing your developers. We'll discuss tools, techniques, and procedures for securing both human and automated workflows. You'll learn how to:
* Identify and mitigate common security risks in the developer environment
* Implement security controls that balance protection and productivity
* Empower developers to work securely and efficiently
Don't let security be an afterthought. Join us and learn how to build a culture of security that starts with the developer.
Microsoft Security Copilot - your new best friend!
Microsoft Security Copilot leverages the full power of Generative AI with specially trained models focused on Security Operations within a Microsoft Security environment.
Attend this session to go on a deep dive into Microsoft Security Copilot. Learn how it can assist security operations teams to prioritise workloads and facilitate incident response and remediation, and understand how it can assist with understanding best practice to manage environments in ways that reduce the likelihood of repeat successful attacks.
Maximize Developer Velocity Without Compromise - Let’s [CoPilot] Chat About Security
Join us for an exciting session where we will explore how to maximize developer velocity without compromising security. We will show you how to use GitHub CoPilot Chat, Codespaces and GitHub Advanced Security features to build secure applications faster. You’ll come away with tips and best practices from the lessons we learned from experimenting with the tools. Don’t miss out on this fun and informative session!
Dungeons, Dragons, and Data Breaches: Exploring the Synergy of Security Crisis Response
In the world of cybersecurity, where hackers lurk in the darkest digital dungeons, everyone must face the music—especially seasoned tech wizards like yourself. While we may have mastered the art of basic security hygiene (no more clicking suspicious links, right?), the question remains: Are you prepared for the ultimate boss battle? Can you navigate the treacherous maze of a cyber crisis with grace and finesse? Or will you be caught off guard like a goblin stumbling into a gelatinous cube?
But fear not, brave adventurers! Our session is here to equip you with the comedic +5 sword of knowledge and the hilarious cloak of preparedness. We'll explore the whimsical parallels between running a successful security crisis response and leading an epic D&D campaign. Together, we'll slay misconceptions, dodge digital fireballs, and emerge victorious, ready to face whatever the realms of cybersecurity throw our way. So grab your dice, gather your team, and get ready to embark on a quest that will have you laughing in the face of cyber danger!
Leveraging Generative AI for Cybersecurity. Attack, Defence and Ethics.
As cyber threats become more sophisticated, it's crucial to leverage advanced technologies to defend against them. One technology that has gained significant attention recently is generative AI such as the OpenAI GPT-based models. In this session, we will explore how they could be used to carry out, and defend against, cyber-attacks.
We will discuss how generative AI can be leveraged to assist with targeted phishing attacks. Using a GPT based AI, an attacker can quickly create convincing phishing emails that are more likely to succeed. Further to this GPT based AI can guide the attacker with building the necessary infrastructure to host the whole attack chain. We will demonstrate this potential and discuss the implications of these attacks for cybersecurity.
Next, we explore how generative AI can assist defence against cyber threats. This technology can detect and advise on threats in real-time, allowing organizations to quickly identify and neutralize attacks to limit damage. We will provide examples of how GPT-based AI is used for defence, such as Microsoft Security Co-Pilot, and demonstrate this technology for organizations looking to improve their cybersecurity posture.
Lastly, we discuss the ethical implications of using generative AI for cybersecurity. As with any emerging technology, there are potential risks and drawbacks to consider, including issues related to privacy, bias, and accountability. We explore these issues and discuss how organizations can balance the benefits of this modern technology with the potential risks.
This will be the first conference delivery for this session but will be delivered at a local security meetup before the conference.
This is a dual delivery leveraging the specialties of the two speakers.
Michelle Sandford is a Developer Engagement Lead for Microsoft focusing on AI and George Coldham is a Cloud Solution Architect in Cyber Security for Microsoft.
This session will require internet access to gain access for the demonstrations. If Internet access is not required, pre-recorded video demonstrations can be used.
NDC Sydney 2024 Sessionize Event
NDC Security 2024 Sessionize Event
DDD Perth 2023 Sessionize Event
Copenhagen Developers Festival 2023 Sessionize Event
NDC London 2023 Sessionize Event
NDC Security 2023 Sessionize Event
DDD Perth 2022 Sessionize Event
