Security Fest 2024 - Summary

Author

Henrik Falk
July 22, 2024

Dates: 2024-05-30 - 2024-05-31

Location: Elite Park Avenue Hotel / Gothenburg

"Everything is a subscription with a cost now. Nothing is cheap, either. The services that were supposed to help us out are turning out to be lots of overhead. How do you defend yourself without logs? How can you even tell you're getting attacked? The ancient ways still work! You can do practically anything an appliance or cloud service can do using plain old linux. Want a typing indicator for a remote server? How about shielding an on-prem exchange server from the internet, or making it completely invisible? What about monitoring logs across multiple servers, and then changing firewalls based on the entries? Trapping attackers inside of dancing ascii art? It can all be done, and more! Using the power of all the stuff under the hood of all those expensive appliances people keep buying. You can do a lot with the right linux command line swordsmanship. Let me show you!"

"Demystifying Cloud Infrastructure Attacks: Threat actor tactics in a classic on-premises environment are well documented and understood. For example, extracting credentials from memory and then pass-the-hash is a common technique to move laterally in Windows. But how do threat actors move laterally between cloud workloads and compute instances? What are the common persistence techniques, and what are the high value targets we need to protect? Alexander is Principal Forensic Consultant at Truesec and will in this session share his learnings from thousands of hours of enterprise forensics. You will learn how cloud tactics differ from on-premises and see the latest techniques used in real attacks against cloud infrastructure."

"How to become an Incident Response Rockstar? After conducting hundreds of Incident Response cases, more data is not always better. Focusing on the most relevant forensic data can speed up the investigation process rapidly. In this talk, we will discuss the importance of various event logs to track down lateral movement paths from the attackers, how to find planted (and seemingly legitimate) backdoors, and how you can work smarter, not harder - which also holds true in digital forensics. As a bonus, we will discuss less-known artifacts like MPLogs and the bitmap cache. By attending this talk, participants will be better and more efficient Incident Responders as they can focus on key aspects of an investigation."