BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:Title: Between a Log and a Hard Place: (mis)Adventures in
  Azure Logs\nWhen: Saturday\, Aug 12\, 10:30 - 11:10 PDT\nWhere:
  Flamingo - Mesquite - Cloud Village\n\nSpeakerBio: Dmitriy Beryoza\n
 Dmitriy Beryoza is a Senior Security Researcher with Vectra AI\,
  working on threat detection in the cloud and on-prem networks. Before
  that\, he was a penetration tester and secure software development
  advocate at IBM. Before switching to security full-time\, Dmitriy
  was a software developer for many years. He has presented talks at
  BSides Las Vegas\, BSides SF\, HackFest\, and others. Dmitriy holds
  a Ph.D. in Computer Science and OSCP\, CISSP\, CCSP and CEH
  certifications. His interests include reverse engineering\, secure
  software development\, and CTF competitions.\nTwitter: @0xd13a
  (https://twitter.com/0xd13a)\n\nDescription:\nSecurity monitoring in
  any environment is made or broken by the signal quality in the event
  logs. Cloud-based solutions have transformed the computing landscape
  with advantages like on-demand resource availability\, scalability\,
  cost-effectiveness\, and enhanced collaboration capabilities. For
  defenders\, this new world offered many benefits: robust identity
  management\, patching at scale\, improved incident detection and
  response\, and more.\n\nCloud providers expose detailed logs that are
  consumed by security monitoring tools and SOC analysts. One would
  expect a common\, streamlined logging solution to be a clear win in
  attack detection functionality\, but the reality is more
  complicated.\n\nWe have spent the last three years studying and
  monitoring Azure logs and have seen many problems that can complicate
  incident detection and response. With no alternatives to the
  provider's logging solution and slow problem mitigation speed\,
  these issues go beyond mere annoyances and can help attackers avoid
  detection.\n\nIn this talk\, we will examine logging facilities in
  Azure\, concentrating on events generated by Azure AD and Microsoft
  365\, and discuss multiple problems that we have observed in
  monitoring them.\n\nThese include:\n\n* Blind spots hiding critical
  security events\n* Poorly documented events\, attributes and magic
  values\n* Missing important information about user actions\n* Bugs
  in log records\n* Unannounced changes that break detection queries\n
 * Log pollution opportunities\, potentially leading to RCE\n\nand
  more.\n\nFor all these issues\, we will:\n\n* examine their impact on
  defense and monitoring\n* discuss how attackers (and red teamers) may
  take advantage of them\n* suggest how defenders can mitigate the
  negative impact\, where possible\n* and propose ways the cloud
  provider can address the problems going forward
DTEND:20230812T181000Z
DTSTART:20230812T173000Z
LOCATION:CLV - Flamingo - Mesquite - Cloud Village
SUMMARY:Between a Log and a Hard Place: (mis)Adventures in Azure Logs
END:VEVENT
END:VCALENDAR
