Hack the SIEM and Win the War Many Thanks to the Following... All - - PowerPoint PPT Presentation

▶

Feb 23, 2023 210 likes •516 views

Hack the SIEM and Win the War Many Thanks to the Following... All the people that taught me this stuff Who the hell is this guy? In The Beginning... And Now And The Hits Keep On Coming What is a SIEM? I dont know either but Ill sell

SLIDE 1

Hack the SIEM and Win the War

SLIDE 2

Many Thanks to the Following...

All the people that taught me this stuff

SLIDE 3

Who the hell is this guy?

SLIDE 4

SLIDE 5

In The Beginning...

SLIDE 6

SLIDE 7

And Now

SLIDE 8

SLIDE 9

And The Hits Keep On Coming

SLIDE 10

SLIDE 11

What is a SIEM?

I don’t know either but I’ll sell you 2 of them

SLIDE 12

SLIDE 13

Why is it Weak?

Have you ever tried to patch a SIEM?

SLIDE 14

SLIDE 15

Because this is your consultant

SLIDE 16

SLIDE 17

And this is their company slogan

SLIDE 18

SLIDE 19

SLIDE 20

Why Target It?

SLIDE 21

Because it has its hands in everything

SLIDE 22

Seriously, how many servers does it take to make a SIEM?

SLIDE 23

Now let’s abuse it

SLIDE 24

The Attack

Recon Exploit Collect

SLIDE 25

Recon

Check the Vendor Site

Under the customer section you will have all the targets you ever need

Documentation

You need the tech specs, specifically the API ports.

Check the Forums

Super strict member policy

Go to a Conference

Because we all know hotel wireless is frickin locked down.

Sales Engineers

You can spear phish or find them at a bar, it all amounts to the same thing.

Get a Free Version

Maybe...but you have to ask nicely

SLIDE 26

Say What????

SLIDE 27

Exploit / Collect

Cred Reuse

This is always a thing

Default Creds

Cause Admins are lazy

Um….Lots of Stuff

Seriously, a metric F*** ton

API

CURL, CURL, CURL

Interface

Nothing to see here, just another user...

But Do You Need To?

Probably Not

SLIDE 28

DEDEMO

SLIDE 29