#Hacktivity2023 скачать в хорошем качестве

#Hacktivity2023

Ozgun Kultekin and Asil Veral - SIEM Slam: Tricking Modern SIEMs with Fake Logs and Confusing Blue Teams This presentation was held at #Hacktivity2023 IT security conference on 5th October 2023. Our research has uncovered a sneaky tactic that attackers use to outsmart modern Security Information and Event Management (SIEM) tools, such as Splunk. By creating and injecting fake logs, attackers can divert the attention of blue teams and conceal their real attacks. In this study, we explore this devious approach and provide an in-depth analysis of how it can be used to deceive security operations. Specifically, we examine the vulnerabilities of SIEM tools, with Splunk as a prime example. For many organizations, Security Information and Event Management (SIEM) tools like Splunk have been essential components of their security operations for a long time. SIEM tools are critical for blue teams because they enable them to detect potential attacks and respond to them quickly. By collecting and analyzing logs from various sources, including network devices, servers, and applications, SIEM tools can identify suspicious activity and generate alerts. These alerts can then be used by security analysts to investigate and remediate any potential threats. Without SIEM tools, security teams would need to manually review and analyze each log, which would be a time-consuming and error-prone process. The speed and accuracy of SIEM tools make them an essential component of any organization’s security operations. However, as SIEM tools have become more prevalent and sophisticated, attackers have also evolved their tactics to circumvent them. In our original research, we have discovered that one particularly effective strategy is to create and insert fake logs into the SIEM tool, which can mislead and distract the blue team and hide the real attack. In this paper, we will explore how attackers use fake logs to deceive security operations and how security teams can defend against these attacks. We will focus specifically on Splunk, a modern SIEM tool, and demonstrate how to create and inject fake logs to mislead the blue team. #HACKTIVITY is the biggest event of its kind in Central & Eastern Europe. About 1000 visitors are coming from all around the globe every year to learn more about the latest trends of cybersecurity, get inspired by people with similar interest and develop themselves via comprehensive workshops and training sessions. https://www.hacktivity.com #siem #blueteam #redteam