The Curious Case of the Rogue SOAR - Vulnerabilities and Exploits in Security Automation

Explore a thought-provoking conference talk that delves into the vulnerabilities of Security Orchestration, Automation, and Response (SOAR) tools and their potential exploitation. Learn about the critical implications of targeting the very systems designed to protect networks, and how such attacks can lead to complete network compromise. Discover insights into the far-reaching consequences of SOAR tool vulnerabilities, including the risks to internal devices and services in large corporate networks. Gain understanding of future attack vectors, such as log poisoning on Security Operations Centers (SOCs) and SOAR tools utilizing Large Language Models (LLMs) like ChatGPT, potentially leading to prompt injections. Examine the various acts of this presentation, from the introduction of SOAR concepts to the emergence of LLMs in cybersecurity, and grasp the importance of securing the tools meant to defend our digital infrastructure.

Speaker and Talk Introduction
Act 0: It Starts With A Pivot
Act 1: But what is a SOAR?
Act 2: A thought experiment
Act 3: Then there was a vulnerability
Act 4: Insights
Act 5: LLMS have entered the chat
Conclusion