Traditional SIEM solutions are designed to react to attacks. But what happens when you flip the script?
Instead of waiting for adversaries to make the first move, SIEM can be weaponized to proactively uncover local privilege escalation paths before they’re exploited. By mining Sysmon and Windows event logs, blue teams can reveal misconfigurations in services, scheduled tasks, DLL loads, and centralized application deployments—missteps that silently open the door to SYSTEM-level compromise.
And here’s the twist: this method doesn’t just find known weaknesses. It can expose undiscovered vulnerabilities—potential zero-days hiding inside your own environment.
This session demonstrates how to use SIEM as an offensive discovery engine, showing practical techniques that help defenders think like attackers and strengthen security from within.
The session will be presented by Erkan Ekici and Shanti Lindström.
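The hunt the abstract describes, as an added example that is not part of the session material: a Python script that scans Sysmon process-create (Event ID 1) and image-load (Event ID 7) records for two classic local privilege escalation patterns: a service started by services.exe via an unquoted path containing spaces, and SYSTEM-context code running from, or loading a DLL from, a directory a standard user can write to (the second check also catches scheduled tasks and deployment scripts launched from such paths). The events are constructed inline using Sysmon's field names, the list of user-writable directories is an assumption for illustration (a real hunt derives it from ACL checks), and the `User` field on Event ID 7 is assumed to be present in the forwarded telemetry.

```python
"""Hunt Sysmon telemetry for local privilege escalation candidates.

Added example (not from the session): mines Sysmon Event ID 1 and 7
records for unquoted service paths and for SYSTEM-context execution or
DLL loads from user-writable directories. Events and the writable-path
list are constructed for illustration.
"""
import ntpath

# Contexts whose processes give SYSTEM-level impact if hijacked.
HIGH_PRIV_USERS = {
    "NT AUTHORITY\\SYSTEM",
    "NT AUTHORITY\\LOCAL SERVICE",
    "NT AUTHORITY\\NETWORK SERVICE",
}

# ASSUMPTION: directories a standard user can write to on this estate.
# In a real hunt derive this from ACL checks (e.g. icacls), not from names.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\temp\\",
    "c:\\windows\\temp\\",
)


def is_user_writable(path):
    """True if the path sits under an (assumed) user-writable directory."""
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def is_unquoted_service_path(command_line, image):
    """Binary launched without quotes from a directory containing a space.

    Windows then tries C:\\Program.exe, C:\\Program Files\\Acme.exe, ...
    before the real binary, so a writable ancestor directory is an LPE path.
    """
    return (not command_line.lstrip().startswith('"')
            and " " in ntpath.dirname(image))


def find_lpe_candidates(events):
    """Return a list of finding dicts for the given Sysmon events."""
    findings = []
    for ev in events:
        # Only high-privilege contexts matter for local privilege escalation.
        if ev.get("User", "") not in HIGH_PRIV_USERS:
            continue
        eid, image = ev["EventID"], ev["Image"]
        if eid == 1:
            parent = ev.get("ParentImage", "").lower()
            if parent.endswith("\\services.exe") and is_unquoted_service_path(
                    ev.get("CommandLine", ""), image):
                findings.append({"finding": "unquoted-service-path",
                                 "process": image, "path": image})
            if is_user_writable(image):
                findings.append({"finding": "system-process-from-writable-dir",
                                 "process": image, "path": image})
        elif eid == 7:
            dll = ev["ImageLoaded"]
            if is_user_writable(dll):
                findings.append({"finding": "dll-load-from-writable-dir",
                                 "process": image, "path": dll})
    return findings


# Constructed sample events in Sysmon's field names (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 1, "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Program Files\\Acme Agent\\agent.exe",
     "CommandLine": "C:\\Program Files\\Acme Agent\\agent.exe -service",
     "ParentImage": "C:\\Windows\\System32\\services.exe"},
    {"EventID": 1, "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Program Files\\Good Vendor\\svc.exe",
     "CommandLine": "\"C:\\Program Files\\Good Vendor\\svc.exe\"",
     "ParentImage": "C:\\Windows\\System32\\services.exe"},
    {"EventID": 7, "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "ImageLoaded": "C:\\ProgramData\\Acme\\helper.dll", "Signed": "false"},
    {"EventID": 7, "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "ImageLoaded": "C:\\Windows\\System32\\ntdll.dll", "Signed": "true"},
    {"EventID": 1, "User": "CORP\\alice",
     "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe",
     "CommandLine": "updater.exe", "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 1, "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\ProgramData\\Deploy\\install.exe",
     "CommandLine": "install.exe /quiet",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe"},
]


def hunt():
    """Run the checks over the constructed sample and return the findings."""
    return find_lpe_candidates(SAMPLE_EVENTS)


if __name__ == "__main__":
    for f in hunt():
        print(f"{f['finding']:<34} {f['process']}  ->  {f['path']}")
```

The same two checks translate directly into a scheduled SIEM search over forwarded Sysmon events. Every hit is a candidate, not a confirmed vulnerability: confirm it by reading the service configuration and the ACLs on the flagged directory before reporting it as an escalation path.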
Erkan:
Cybersecurity Professional | OSCP+ | Blue Team Specialist | Police officer. Since childhood he dreamed of becoming either a police officer or a hacker. He joined law enforcement, starting as a patrol officer and later moving into technical surveillance, experience that now fuels his cybersecurity career. Specializing in Windows client security, he conducts security assessments and security research, enhances defenses, handles incident response and protects against other threats.
Shanti:
Shanti is a veteran cybersecurity professional with 17 years of experience, starting with 8 years in offensive security and discovering multiple Microsoft vulnerabilities that earned official CVEs. Shanti then brought this offensive mindset to 9 years of defensive security work before recently returning to penetration testing. This career progression provides insight into both attacker techniques and defensive strategies, a combined perspective few professionals possess.
Learn how to use SIEM offensively to find vulnerabilities before the attackers do. Discover hidden misconfigurations and possible zero-days! This is practical security knowledge you cannot afford to miss.