Conference:  Defcon 31
Authors: STÖK Hacker / Creative - Truesec
2023-08-01

Logs are a vital component for maintaining application reliability, performance, and security. They serve as a source of information for developers, security teams, and other stakeholders to understand what has happened or gone wrong within an application. However, logs can also be used to compromise the security of an application by injecting malicious content. In this presentation, we will explore how ANSI escape sequences can be used to inject, vandalize, and even weaponize log files of modern applications. We will revisit old terminal injection research and log tampering techniques from the 80s and 90s and combine them with new features to create chaos and mischief in the modern cloud CLIs, mobile, and feature-rich DevOps terminal emulators of today. We will then provide solutions on how to avoid passing malicious escape sequences into our log files. By doing so, we can ensure that we can trust the data inside our logs, making it safe for operators to use shells to audit files and enabling responders to quickly and accurately investigate incidents without wasting time cleaning, or having to gather additional data, while reconstructing events. Welcome to this "not so black and white," but rather quite colorful ANSI adventure, and learn how to cause, or prevent, a forensic nightmare.
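The filtering step the abstract asks for, written here as an added example for this page (it is not code from the talk or from Truesec): a small parser for the escape-sequence families a terminal acts on (CSI, OSC, DCS-style strings, 8-bit C1 controls), a detector, and two safe renderings. `neutralize` removes whole sequences rather than only the ESC byte, which would leave `[31m` debris, and then makes any remaining control character visible as `\xNN`; `escape_control_chars` keeps the full sequence but inert, which is what an investigator wants when reconstructing what an attacker sent. The regex grammar, function names and the `SAMPLES` inputs are all constructed for the example; OSC 8 (hyperlinks) and OSC 52 (clipboard) are standard xterm controls.

```python
import re

# Grammar of the ECMA-48 / VT100 escape sequence families that terminal
# emulators act on (ESC = 0x1b).  Order matters: the multi-byte forms are
# tried before the generic two-byte fallback.
_CSI = r"\x1b\[[0-?]*[ -/]*[@-~]"            # ESC [ params intermediates final: colour, cursor, erase screen
_OSC = r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"  # ESC ] ... BEL or ST: window title, OSC 8 hyperlink, OSC 52 clipboard
_STR = r"\x1b[PX^_][^\x1b]*\x1b\\"           # DCS / SOS / PM / APC ... ST
_ESC = r"\x1b[ -/]*[0-~]"                    # any other ESC sequence (ESC c reset, ESC ( B, an unterminated OSC prefix)
_C1 = r"\x9b[0-?]*[ -/]*[@-~]|[\x80-\x9f]"   # 8-bit C1 controls (0x9b is a one-byte CSI) if data was decoded as latin-1
ESCAPE_SEQUENCE = re.compile("|".join((_CSI, _OSC, _STR, _ESC, _C1)))

# Remaining C0 controls, DEL and C1, with tab exempted.  Newline and carriage
# return stay in on purpose: "\n" forges an extra log line and "\r" overwrites
# the current one when the file is cat'ed or tailed.
_CONTROL_CHAR = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def find_escape_sequences(text: str) -> list[str]:
    """Return every terminal escape sequence in text, in order of appearance."""
    return [m.group(0) for m in ESCAPE_SEQUENCE.finditer(text)]


def escape_control_chars(text: str) -> str:
    """Render each control character as a printable \\xNN token.  The terminal
    no longer interprets it, but the evidence stays in the log verbatim."""
    return _CONTROL_CHAR.sub(lambda m: f"\\x{ord(m.group(0)):02x}", text)


def neutralize(text: str) -> str:
    """Drop whole escape sequences, then make any leftover control chars visible."""
    return escape_control_chars(ESCAPE_SEQUENCE.sub("", text))


def is_suspicious(text: str) -> bool:
    """True if a terminal would act on this string when it is cat'ed or tailed."""
    return ESCAPE_SEQUENCE.search(text) is not None or _CONTROL_CHAR.search(text) is not None


# Constructed attacker-controlled values (a User-Agent header, a username) that
# an application would otherwise copy into its log file untouched.
SAMPLES = {
    "colour":     "\x1b[31mERROR\x1b[0m",
    "wipe":       "\x1b[2J\x1b[H",                      # clear screen + cursor home: hides every line above
    "hyperlink":  "\x1b]8;;https://example.invalid/\x07click me\x1b]8;;\x07",
    "clipboard":  "\x1b]52;c;aGVsbG8=\x1b\\",           # OSC 52: puts base64 "hello" on the operator's clipboard
    "forge_line": "alice\nACCEPTED login for root",     # newline forges a second, fake log line
    "overwrite":  "login FAILED for bob\rlogin OK for bob    ",  # CR repaints the line as a success
    "benign":     "GET /index.html HTTP/1.1",
}


def triage(samples: dict[str, str]) -> dict[str, dict]:
    """Per sample: whether it is live, which sequences it carries, and the safe form."""
    return {
        name: {
            "suspicious": is_suspicious(raw),
            "sequences": [escape_control_chars(s) for s in find_escape_sequences(raw)],
            "safe": neutralize(raw),
        }
        for name, raw in samples.items()
    }


if __name__ == "__main__":
    for name, report in triage(SAMPLES).items():
        print(f"{name:<10} suspicious={str(report['suspicious']):<5} safe={report['safe']!r}")
```

Run it on the file side (before the write, as the abstract recommends) rather than on the read side: once a live sequence is in the log, every `cat`, `tail -f` and `grep` by an operator replays it. Encoding the log as JSON gives the same protection for free, since `json.dumps` turns ESC into the visible `\u001b`.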
Authors: Michelle Nguyen, Hannah Troisi, Clemens Kolbitsch, Vihang Mehta
2023-04-21

tldr - powered by Generative AI

The conference presentation discusses the practicality of managing storage for multiple integrated applications in a busy environment, with a focus on OpenTelemetry and Pixie.
  • The speaker addresses a question from an audience member regarding storage for multiple integrated applications in a busy environment
  • The speaker explains that OpenTelemetry and Pixie can be used to capture and store data locally, and then filter and batch the data as needed
  • The speaker emphasizes the importance of considering sampling strategies, filtering, and batching when designing an architecture for managing storage in a busy environment
Authors: Ted Young, Alolita Sharma, Morgan McLean, Daniel Dyla
2023-04-20

tldr - powered by Generative AI

OpenTelemetry Integrations and Compatibility
  • OpenTelemetry ships several streaming protocols and sub-projects within the project itself
  • OpenTelemetry is interoperable with other projects, and other teams are adding support for it
  • Native integrations are starting to use native OTLP APIs
  • The contrib repos have hundreds, if not thousands, of integrations with existing technologies
Authors: Anurag Gupta, Eduardo Silva
2023-04-19

tldr - powered by Generative AI

Controlling data flow is crucial for cost reduction and efficient use of resources in logging and metrics management. Fluent Bit offers processors for modifying data and labels to optimize indexing and querying.
  • Companies generate 20-30% more logs each year, making control of data flow important for cost reduction and efficient resource use
  • Fluent Bit offers processors for modifying data and labels to optimize indexing and querying
  • Lua scripting can be used for log processing
  • Labels can be added, updated, or deleted using Fluent Bit processors
  • Fluent Bit can be used for metrics management and data scraping
Authors: Simon Pasquier, Vanessa Martini
2023-04-19

tldr - powered by Generative AI

The presentation discusses the challenges faced by site reliability engineers when troubleshooting issues in Kubernetes and introduces korrel8, an open source tool that aims to reduce the cognitive load of engineers when attempting to debug issues through the correlation of observability signals.
  • Observability signals are crucial for site reliability engineers to troubleshoot issues in Kubernetes
  • There is a lack of established open source tools that aggregate all the different observability signals and help users understand how their systems behave
  • Korrel8 is an open source project founded within Red Hat that aims to make correlation across observability signals accessible to everyone
  • Korrel8 can reduce the cognitive load of engineers when attempting to debug issues
  • The presentation includes a demo of korrel8 and a sneak peek overview of the roadmap vision and next steps
Authors: Michael Friedrich
2022-05-20

tldr - powered by Generative AI

The presentation discusses the importance of observability in DevOps and how it can be achieved through metrics, tracing, and chaos engineering.
  • Observability is crucial in DevOps and can be achieved through metrics, tracing, and chaos engineering.
  • Metrics and tracing provide valuable data for observability and can be implemented through tools like Prometheus and OpenTelemetry.
  • Chaos engineering can help identify and prevent potential issues in a system.
  • Teams should be trained and onboarded on observability practices, including defining service level objectives and alerts.
  • Observability should be a team effort and accessible to everyone.
  • The speaker encourages learning and collaboration in the open source community to ensure systems are running smoothly.
Authors: Ciprian Hacman, Radu Gheorghe
2022-05-19

tldr - powered by Generative AI

Best practices for scaling Elasticsearch clusters
  • Use metrics from inside Elasticsearch for accuracy
  • Scale in larger increments to reduce noise
  • Force index rotation to evenly spread load across nodes
  • Judge cluster size based on disk usage and search latency
  • Use local SSDs for better I/O latency
  • Consider hot-warm-cold architecture for data management
Authors: Morgan McLean, Jaana Dogan
2021-10-14

tldr - powered by Generative AI

OpenTelemetry provides correlations between different types of data that can be used to improve service operations and responses to outages.
  • OpenTelemetry captures distributed traces, metrics, logs, and resource metadata
  • Correlating this information is crucial for understanding failures in highly distributed systems
  • OpenTelemetry allows for correlations between language runtime traces and network events
  • Correlations can provide general production insights and improve development velocity
Authors: Veronica Schmitt
2021-09-24

tldr - powered by Generative AI

The speaker discusses the importance of implementing five simple philosophies for application logging to improve cybersecurity and DevOps practices.
  • The five philosophies were inspired by Gene Kim's book and include keeping logs simple, tagged, clean, focused, and customer-oriented.
  • Logs should be easy to read and maintain, with just enough detail to debug without compromising sensitive information.
  • Tagging sensitive data and creating metadata can help prevent accidental disclosure and aid in digital forensics and incident response.
  • Continuous improvement and psychological safety are crucial for teams to admit mistakes and learn from them.
  • Customer focus should be prioritized in building customer-oriented, secure applications.
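The "tagged" and "clean" philosophies above, shown as an added example written for this page (not the speaker's code): a JSON log formatter for Python's standard `logging` that redacts sensitive fields by key name, catches credential-shaped values under innocent key names, records the redacted paths as metadata so an incident responder knows a password field was present without the value ever reaching disk, and carries a request id for correlation. The key list, the value patterns, the `app.auth` logger name and `SAMPLE_REQUEST` are all assumptions made for the example.

```python
import io
import json
import logging
import re
from datetime import datetime, timezone
from typing import Any

REDACTED = "[REDACTED]"

# Field names that must never be logged, matched case-insensitively as a
# substring of the key ("Authorization", "auth_token", "db_password" all hit).
# Assumed example policy, not a standard.
SENSITIVE_KEY = re.compile(r"password|passwd|secret|token|authorization|cookie|ssn|card_number", re.I)

# Values that look like credentials even under an innocent key name: a
# "Bearer ..." header value and the three-segment base64url shape of a JWT
# ("eyJ" is the base64 of '{"').  Kept narrow so request ids and hashes pass.
SENSITIVE_VALUE = re.compile(r"^(?:Bearer\s+\S+|eyJ[\w-]+\.[\w-]+\.[\w-]*)$")


def redact(data: Any) -> tuple[Any, list[str]]:
    """Return a copy of a nested dict/list with sensitive values replaced,
    plus the dotted paths that were touched.  The paths are the metadata the
    talk recommends: they tag what was removed without storing it."""
    hits: list[str] = []

    def walk(obj: Any, path: str) -> Any:
        if isinstance(obj, dict):
            out = {}
            for key, value in obj.items():
                child = f"{path}.{key}" if path else str(key)
                if SENSITIVE_KEY.search(str(key)):
                    out[key] = REDACTED
                    hits.append(child)
                else:
                    out[key] = walk(value, child)
            return out
        if isinstance(obj, list):
            return [walk(v, f"{path}[{i}]") for i, v in enumerate(obj)]
        if isinstance(obj, str) and SENSITIVE_VALUE.match(obj):
            hits.append(path or "$")
            return REDACTED
        return obj

    return walk(data, ""), hits


class JsonFormatter(logging.Formatter):
    """One JSON object per line.  json.dumps with ensure_ascii (the default)
    also encodes control characters such as ESC as "\\u001b", so an ANSI
    sequence smuggled into a field is stored as text, not as live terminal
    input."""

    def format(self, record: logging.LogRecord) -> str:
        fields, hits = redact(getattr(record, "fields", {}))
        event = {
            "ts": datetime.fromtimestamp(record.created, tz=timezone.utc).isoformat(),
            "level": record.levelname,
            "logger": record.name,
            "event": record.getMessage(),
            "request_id": getattr(record, "request_id", None),  # correlation id for DFIR
            "fields": fields,
            "redacted": hits,  # which paths were scrubbed, never their values
        }
        return json.dumps(event, separators=(",", ":"))


def make_logger(stream, name: str = "app.auth") -> logging.Logger:
    """Logger that writes JsonFormatter lines to the given stream."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(JsonFormatter())
    logger.addHandler(handler)
    return logger


def emit(event: str, fields: dict, request_id: str) -> str:
    """Log one event and return the exact line that would reach the file."""
    buf = io.StringIO()
    make_logger(buf).info(event, extra={"request_id": request_id, "fields": fields})
    return buf.getvalue().rstrip("\n")


def parse_event(line: str) -> dict:
    """Read a logged line back as a dict (what a SIEM or responder would see)."""
    return json.loads(line)


# Constructed request, as an application might log it before redaction.
SAMPLE_REQUEST = {
    "user": "alice",
    "password": "hunter2",
    "headers": {"Authorization": "Bearer 0123456789abcdef", "User-Agent": "curl/8.0 \x1b[2J"},
    "extras": ["eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.sig", "plain"],
}

if __name__ == "__main__":
    print(emit("login.attempt", SAMPLE_REQUEST, request_id="req-0001"))
```

The key-name match is the reliable part; the value-shape match is a safety net and is deliberately narrow, because a pattern that also catches every long alphanumeric string will redact request ids and hashes and destroy the correlation the logs exist for. `ensure_ascii` also rewrites non-ASCII text as `\uXXXX`, which is acceptable for a machine-read log but worth knowing before an operator greps for a name.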