BSides PGH 2018 – Heavy Machinery and Burly Lumberjacks and Logging! Oh My!


BSides Pittsburgh

June 22, 2018 | Posted in Red Teams by Dan Astor, Evan Perotti


Security Risk Advisors is proud to have been a Gold Sponsor at BSides PGH on Friday, June 22. In addition to continued involvement in and support for the BSides organization, Security Risk Advisors’ Dan Astor and Evan Perotti presented on their experience using a SIEM for Red Team work. The presentation slides are available on Slideshare, below:


Presented at BSides Pittsburgh, June 22, 2018

Did we get the creds? Do we have a beacon? Are we burned? These are all questions that get asked with high frequency during a red team engagement. With a full red team infrastructure, you need to manage a mini-network to be successful. Cobbling together monitoring scripts, tailing files, or grepping for tokens to see if payloads were downloaded or if phishing credentials were entered can be painful and inefficient when you could instead be planning your next move or taking advantage of a successful compromise.

We need some way to organize all these logs and data into a centralized location that can alert us when important events happen.  Perhaps a SIEM… By ingesting logs from all our hosts used during an engagement, we can begin to visualize our network of attack machines and create alerts for priority events like phishing credentials being submitted, IR teams and security vendors hitting your server, and changes in server health. This talk will cover the ins and outs of why to use a SIEM for your red team infrastructure, the free products out there that can assist, and how we went down the path of using Elastic for our Red SIEM. We’ll also be releasing our tools, scripts, and resources to aid you in deploying and monitoring your own Red SIEM.


Bio: Dan Astor – Dan is a senior operator for Security Risk Advisors’ Technical Assessment team. His focus is in red team operations, network penetration testing, password cracking, and spear phishing. He has been a speaker at BSides PGH and BSides NOLA.

Bio: Evan Perotti – Evan is an operator for Security Risk Advisors’ Technical Assessment team. His focus is in red team operations, network penetration testing, reconnaissance activities, and spear phishing. He has developed a number of open source and private tools to automate common offensive activities.


Authors

  • Dan focuses on penetration testing, web application security testing, spear phishing, social engineering, physical intrusion simulation and wireless security. Dan also has experience penetration testing APIs and web services. Dan maintains Security Risk Advisors’ high-speed password cracking hardware and tools. Dan has worked for clients in several industries including banking, entertainment & media, insurance, healthcare and utilities. Prior to joining Security Risk Advisors, Dan was a member of Steel City Hackers, a whitehat security industry group based in Pittsburgh.

  • Evan specializes in network penetration testing, web application security testing, open source intelligence gathering, and security testing process automation. He has experience in a variety of industries including retail, insurance, financial services, and healthcare.