Hack the SIEM and Win the War
Many Thanks to the Following...
All the people that taught me this stuff
Who the hell is this guy?
In The Beginning...
And Now
And The Hits Keep On Coming
What is a SIEM?
I don’t know either but I’ll sell you 2 of them
Why is it Weak?
Have you ever tried to patch a SIEM?
Because this is your consultant
And this is their company slogan
Why Target It?
Because it has its hands in everything
Seriously, how many servers does it take to make a SIEM?
Now let’s abuse it
The Attack
Recon Exploit Collect
Recon
Check the Vendor Site
Under the customer section you will have all the targets you ever need
Documentation
You need the tech specs, specifically the API ports.
Check the Forums
Super strict member policy
Go to a Conference
Because we all know hotel wireless is frickin locked down.
Sales Engineers
You can spear phish or find them at a bar, it all amounts to the same thing.
Get a Free Version
Maybe...but you have to ask nicely
Say What????
Exploit / Collect
Cred Reuse
This is always a thing
Default Creds
Cause Admins are lazy
Um….Lots of Stuff
Seriously, a metric F*** ton
API
CURL, CURL, CURL
Interface
Nothing to see here, just another user...
But Do You Need To?
Probably Not
DEMO
THANKS!