Hack the SIEM and Win the War

Many Thanks to the Following...

All the people that taught me this stuff

Who the hell is this guy?

In The Beginning...

And Now

And The Hits Keep On Coming

What is a SIEM?

I don’t know either but I’ll sell you 2 of them

Why is it Weak?

Have you ever tried to patch a SIEM?

Because this is your consultant

And this is their company slogan

Why Target It?

Because it has its hands in everything

Seriously, how many servers does it take to make a SIEM?

Now let’s abuse it

The Attack

Recon Exploit Collect

Recon

Check the Vendor Site

Under the customer section you will have all the targets you ever need

Documentation

You need the tech specs, specifically the API ports.

Check the Forums

Super strict member policy

Go to a Conference

Because we all know hotel wireless is frickin locked down.

Sales Engineers

You can spear phish or find them at a bar, it all amounts to the same thing.

Get a Free Version

Maybe...but you have to ask nicely

Say What????

Exploit / Collect

Cred Reuse

This is always a thing

Default Creds

Cause Admins are lazy

Um….Lots of Stuff

Seriously, a metric F*** ton

API

CURL, CURL, CURL

Interface

Nothing to see here, just another user...

But Do You Need To?

Probably Not

DEDEMO

THANKS!