Watch the stream
May 15 04:30 PM EDT
Talks will be streamed on YouTube and Twitch for free.
What’s more frightening than a 0-day? A series of false negatives combined with the false sense of security in an unprepared Security Operations Team. Today, most AWS detection and response strategies rely on CloudTrail and GuardDuty, with logs shipped to a SIEM, the heart of security monitoring. But few teams account for the complexity of this supply chain: multiple moving parts, permissions, policies, and inevitable delays. These blind spots create opportunities for attackers to quietly dismantle detection controls. In this demo-driven talk, I’ll explore the concept of Cloud Antiforensics. Using a real scenario with AWS API calls shipped to Datadog and a decoupled GuardDuty instance reporting to Discord, I’ll show how an attacker can disrupt log collection and evade detection within the delay window. The goal is not just to demonstrate attacks, but to raise awareness: centralizing everything in a SIEM is not enough. We must design anti-antiforensics mechanisms that operate independently, ensuring resilience even when attackers target the detection pipeline itself.
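As an added example (not part of the talk or the speaker's material), the following Python detector scans raw CloudTrail records, independently of the SIEM path, for API calls that disable or reshape CloudTrail and GuardDuty; the API names are real, while the sample log records, account id and detector id are constructed.

```python
import json

# Control-plane calls that weaken logging or detection. Illustrative, not exhaustive.
TAMPER_CALLS = {
    "cloudtrail.amazonaws.com": {
        "StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"},
    "guardduty.amazonaws.com": {
        "DeleteDetector", "UpdateDetector", "DeletePublishingDestination",
        "DeleteMembers", "DisassociateFromMasterAccount"},
}

def classify(event):
    """Return an alert dict if the record is a detection-tampering call, else None."""
    source = event.get("eventSource", "")
    name = event.get("eventName", "")
    if name not in TAMPER_CALLS.get(source, ()):
        return None
    return {
        "time": event.get("eventTime"),
        "actor": event.get("userIdentity", {}).get("arn", "unknown"),
        "call": source.split(".")[0] + ":" + name,
        # A denied attempt still matters: someone probed the controls.
        "succeeded": "errorCode" not in event,
        "target": event.get("requestParameters") or {},
    }

def scan(log_file_text):
    """Parse a CloudTrail log file ({"Records": [...]}) and return all alerts."""
    records = json.loads(log_file_text).get("Records", [])
    return [a for a in map(classify, records) if a]

# Constructed sample records in CloudTrail's JSON shape (abridged fields).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2025-05-15T20:30:01Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/analyst"}},
    {"eventTime": "2025-05-15T20:30:07Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "requestParameters": {"name": "org-trail"},
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/compromised"}},
    {"eventTime": "2025-05-15T20:30:09Z", "eventSource": "guardduty.amazonaws.com",
     "eventName": "DeleteDetector", "errorCode": "AccessDeniedException",
     "requestParameters": {"detectorId": "12abc34d567e8fa901bc2d34e56789f0"},
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/compromised"}},
]})

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Running this from a separate, minimally privileged account against the S3 copy of the trail gives a check that keeps working even if the SIEM feed is cut.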
Santiago Abastante, CTO, Solidarity Labs
Former Police Officer from Argentina, now a Cloud Incident Responder and Security Engineer with over 10 years of IT experience. A Digital Nomad and international speaker, I've presented on Cloud Security and Incident Response at Ekoparty, FIRST, Virus Bulletin (three times), Hack.Lu, and various BSides events worldwide. I hold a Bachelor's degree in Information Security and an MBA (Master in Business Administration).