Cloud

All Quiet on the Western Front – Exposing Logging Gaps in the Cloud

Defenders often rely on logs from cloud providers to detect incidents like data exfiltration, privilege escalation, and credential generation. In this talk, I will explore tactics used by attackers as described through the MITRE ATT&CK framework for Cloud. Specifically, I will discuss how attackers can exploit various core tactics to achieve their goals while avoiding suspicious log entries. Where feasible, I will present workarounds to address logging gaps, equipping defenders with alternative detection and investigation strategies. Additionally, I will highlight scenarios, such as covert data movement, that can occur undetected, leaving no trace in the environment’s logging systems.

Kat Traxler

Kat Traxler, a security professional based in the Twin Cities, specializes in cloud research and security architecture design, focusing on public cloud, container orchestration systems, and IAM platforms. Her background has included roles in penetration testing targeting web applications and cryptographic infrastructure. Kat has worked professionally in cloud security research, informing detection efforts, uncovering novel abuse mechanisms, and threat modeling cloud services. She can be found equally in the worlds of InfoSec and plant Twitter as @nightmareJS.

You'll wish you went sooner!

We proudly present SecretCon, an entirely unparalleled conference for the state of Minnesota, built for our new digital reality. This conference is dedicated to the many specialties of our hacker, cybersecurity, and privacy community. We have taken it upon ourselves to construct a conference that not only embraces our past, but also looks to the future. Join us!