As is well known, large infrastructures in particular rely on SIEM products, which collect logs from many sources and correlate them according to the organization's rule set. In practice, this is a strong and powerful security approach.
On the other hand, most of these products need to be placed at the heart of the organization's IT environment. Even though we are highly paranoid and security-aware about every single third-party tool we add to our IT infrastructure, we drop these concerns when it comes to security products. We forget that, although these are security products by nature, they are not necessarily secure in how they operate, despite requiring far more permissions than any other software.
This is the main idea behind Mehmet's talk. He will take you through the steps of his approach to these SIEM products and talk about how he started testing them in the first place, which attack vectors were more promising than others, which critical vulnerabilities were easier to find, how the exploitation phase went, and much more.