09-02, 17:00–17:50 (Europe/Berlin), C120 - Arcane room
Der Kernel implemetiert ein Auditing Framework um Syscalls und Zugriffe auf Dateien zu loggen. Damit lässt sich genau nachverfolgen was auf den Systemen passiert um, z.B. effektives Security Monitoring umzusetzten. Der Vortrag gibt einen Überblick über die Architektur des Frameworks, sowie auch die Userland-Komponente Auditd.
Sergej Schmidt is a senior security consultant. He conducts pentests and is regularly involved in detection engineering and SOC automation projects. His non-linear path started more than a dozen years ago at a small consultancy company, then going back to university, only to find him self in large enterprises at the end. While doing his Masters he spent two years with research on automated binary reversing. Most of his career his areas were pentesting of network infrastructures, build systems, web and mobile applications.
Before his current job, he spent multiple years at the defenders' side as an incident responder with a focus on Linux security monitoring and detection engineering.