Conference:  Defcon 31

Authors: STÖK Hacker / Creative - Truesec

2023-08-01

Logs are a vital component for maintaining application reliability, performance, and security. They serve as a source of information for developers, security teams, and other stakeholders to understand what has happened or gone wrong within an application. However, logs can also be used to compromise the security of an application by injecting malicious content. In this presentation, we will explore how ANSI escape sequences can be used to inject, vandalize, and even weaponize log files of modern applications. We will revisit old terminal injection research and log tampering techniques from the 80-90s. Combine them with new features, to create chaos and mischief in the modern cloud cli’s, mobile, and feature-rich DevOps terminal emulators of today. We will then provide solutions on how to avoid passing on malicious escape sequences into our log files. By doing so, we can ensure that we can trust the data inside our logs, making it safe for operators to use shells to audit files. Enabling responders to quickly and accurately investigate incidents without wasting time cleaning, or having to gather additional data, while reconstructing events. Welcome to this "not so black and white," but rather quite colorful ANSI adventure, and learn how to cause, or prevent a forensic nightmare.

Conference:  OWASP 20th Anniversary Event

Authors: Veronica Schmitt

2021-09-24

The speaker discusses the importance of implementing five simple philosophies for application logging to improve cybersecurity and DevOps practices.

• The five philosophies were inspired by Gene Kim's book and include keeping logs simple, tagged, clean, focused, and customer-oriented.
• Logs should be easy to read and maintain, with just enough detail to debug without compromising sensitive information.
• Tagging sensitive data and creating metadata can help prevent accidental disclosure and aid in digital forensics and incident response.
• Continuous improvement and psychological safety are crucial for teams to admit mistakes and learn from them.
• Customer focus should be prioritized in building custom-oriented, secure applications.