Forget enumerating a network, hack the SIEM and win the war

Presented at BSides Austin 2017, May 4, 2017, 10:30 a.m. (60 minutes)

Every company, big and small, is hopping on the SIEM bandwagon. And while they are being sold a solution to help secure their networks, the reality is that these systems practice poor security, are generally implemented by people with little to no experience, and create more vulnerabilities than they solve. In this talk I walk through a common target network where a known and commonly used SIEM has been integrated, show how to exploit onto the SIEM, where to look for the juicy intel, and how to cover your tracks.

Presenters:

  • John Grigg
    I have 11 years of diverse experience within the Navy, the Intelligence Community, and in the corporate cyber security world with focuses on building and developing Cyber Protection teams, SIEM/IDS/IPS engineering, malware analysis, access development, cyber operations, targeting, and digital network intelligence.
