
Providence

Swapnil Kumbhar & Akshay Shah

Tool Name:

Providence

Speaker:

Swapnil Kumbhar & Akshay Shah

Abstract:

Incident response and analysis today rely on a single source of truth: logs. But on Linux/BSD systems or macOS endpoints, configuring and collecting audit logs is not as straightforward as it is on Windows. To solve this problem, we created Providence, a stack of open-source tools authored by us that aims to simplify auditing on these systems. In this presentation, we will explain how kernel-level auditing works on Linux and macOS by elaborating on the audit subsystem in Linux and the Endpoint Security Framework on macOS. After covering the usage of the userland executables for these frameworks, we will demonstrate how Providence simplifies their use across platforms and unifies the data in a single dashboard. The dashboard will be used to analyse this data and detect known malicious scripts and malware on the systems.

Bio:

Swapnil Kumbhar

Swapnil is a Red Teamer at Smokescreen Technologies, whose interests lie in EDR defence evasion, Active Directory and PowerShell. In his free time, he likes to dabble with code. He has experience breaking into the most secure infrastructures in the nation.

Akshay Shah

Akshay Shah is a computer engineer who works in cybersecurity. He is one of the authors of the IEEE research paper on lightweight authentication and encryption mechanisms in RPL. He loves simple automation, tries to write code on weekdays and likes to do research at weekends.

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved