BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//cfp.nsec.io//FG7TGU BEGIN:VTIMEZONE TZID:EST BEGIN:STANDARD DTSTART:20001029T030000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z TZNAME:EST TZOFFSETFROM:-0400 TZOFFSETTO:-0500 END:STANDARD BEGIN:STANDARD DTSTART:20071104T030000 RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11 TZNAME:EST TZOFFSETFROM:-0400 TZOFFSETTO:-0500 END:STANDARD BEGIN:DAYLIGHT DTSTART:20000402T030000 RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z TZNAME:EDT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 END:DAYLIGHT BEGIN:DAYLIGHT DTSTART:20070311T030000 RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3 TZNAME:EDT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:pretalx-2026-FG7TGU@cfp.nsec.io DTSTART;TZID=EST:20260515T163000 DTEND;TZID=EST:20260515T170000 DESCRIPTION:What’s more frightening than a 0-day? A series of false negat ives combined with the false sense of security in an unprepared Security O perations Team.\nToday\, most AWS detection and response strategies rely o n CloudTrail and GuardDuty\, with logs shipped to a SIEM\, the heart of se curity monitoring. But few teams account for the complexity of this supply chain: multiple moving parts\, permissions\, policies\, and inevitable de lays. These blind spots create opportunities for attackers to quietly dism antle detection controls.\nIn this demo-driven talk\, I’ll explore the c oncept of Cloud Antiforensics. Using a real scenario with AWS API calls sh ipped to Datadog and a decoupled GuardDuty instance reporting to Discord\, I’ll show how an attacker can disrupt log collection and evade detectio n within the delay window.\nThe goal is not just to demonstrate attacks\, but to raise awareness: centralizing everything in a SIEM is not enough. W e must design anti-antiforensics mechanisms that operate independently\, e nsuring resilience even when attackers target the detection pipeline itsel f. DTSTAMP:20260507T212208Z LOCATION:Ville-Marie SUMMARY:Practical AWS Antiforensics - Santiago Abastante URL:https://cfp.nsec.io/2026/talk/FG7TGU/ END:VEVENT END:VCALENDAR