Logging Pitfalls and How to Abuse Them
Kevin Kaminski Michael Music
BSides Tampa 2019

Abstract: You cannot defend from what you cannot see. A lack of proper logging from endpoints, servers, and security appliances is a widespread issue for companies in every industry. We will outline the most common logging gaps, mistakes, and misconfigurations that we've seen and how an attacker can abuse them. This can include identifying what exactly the blue team will not see, and how knowledge of the shortcomings can allow attackers to evade the blue team or generally be more lazy and comfortable in their attack. We will also offer insight on how to solve these common problems from a high level.

Bio: Kevin Kaminski has been working at ReliaQuest for 4 years, currently as the Threat Management R&D Lead. He currently works researching the latest threat behaviors and tools in the wild, how they can be detected with enterprise technologies, and how the logs can be correlated in SIEM solutions to provide actionable intelligence. Michael Music is a USF Computer Science graduate and currently works on ReliaQuest,s Threat Management team. He is currently researching automated threat emulation, red teaming, and how red teams can enhance an organization,s security.

Back to BSides Tampa 2019 video list