logo
Dates

Author


Conferences

Tags

Sort by:  

Conference:  Defcon 31
Authors: STÖK Hacker / Creative - Truesec
2023-08-01

Logs are a vital component for maintaining application reliability, performance, and security. They serve as a source of information for developers, security teams, and other stakeholders to understand what has happened or gone wrong within an application. However, logs can also be used to compromise the security of an application by injecting malicious content. In this presentation, we will explore how ANSI escape sequences can be used to inject, vandalize, and even weaponize log files of modern applications. We will revisit old terminal injection research and log tampering techniques from the 80-90s. Combine them with new features, to create chaos and mischief in the modern cloud cli’s, mobile, and feature-rich DevOps terminal emulators of today. We will then provide solutions on how to avoid passing on malicious escape sequences into our log files. By doing so, we can ensure that we can trust the data inside our logs, making it safe for operators to use shells to audit files. Enabling responders to quickly and accurately investigate incidents without wasting time cleaning, or having to gather additional data, while reconstructing events. Welcome to this "not so black and white," but rather quite colorful ANSI adventure, and learn how to cause, or prevent a forensic nightmare.
Authors: Veronica Schmitt
2021-09-24

tldr - powered by Generative AI

The speaker discusses the importance of implementing five simple philosophies for application logging to improve cybersecurity and DevOps practices.
  • The five philosophies were inspired by Gene Kim's book and include keeping logs simple, tagged, clean, focused, and customer-oriented.
  • Logs should be easy to read and maintain, with just enough detail to debug without compromising sensitive information.
  • Tagging sensitive data and creating metadata can help prevent accidental disclosure and aid in digital forensics and incident response.
  • Continuous improvement and psychological safety are crucial for teams to admit mistakes and learn from them.
  • Customer focus should be prioritized in building custom-oriented, secure applications.