Hack the SIEM and Win the War
Many Thanks to the Following... All the people that taught me this stuff
Who the hell is this guy?
In The Beginning...
And Now
And The Hits Keep On Coming
What is a SIEM? I don’t know either but I’ll sell you 2 of them
Why is it Weak? Have you ever tried to patch a SIEM?
Because this is your consultant
And this is their company slogan
Why Target It?
Because it has its hands in everything
Seriously, how many servers does it take to make a SIEM?
Now let’s abuse it
The Attack: Recon, Exploit, Collect
Recon
Documentation: You need the tech specs, specifically the API ports.
Check the Forums: Super strict member policy
Check the Vendor Site: Under the customer section you will have all the targets you ever need
Get a Free Version: Maybe...but you have to ask nicely
Go to a Conference: Because we all know hotel wireless is frickin locked down.
Sales Engineers: You can spear phish or find them at a bar, it all amounts to the same thing.
Say What????
Exploit / Collect
Um….Lots of Stuff: Seriously, a metric F*** ton
Default Creds: Cause Admins are lazy
Cred Reuse: This is always a thing
API Interface: CURL, CURL, CURL
Nothing to see here, just another user...
But Do You Need To? Probably Not
DEMO
THANKS!
Recommend
More recommend