Share the experience of building an endpoint Extended Detection and Response (XDR) system using Wazuh in actual environments over recent years. Introduce case studies covering file monitoring, behavior analysis, vulnerability detection, network activity monitoring, among other features. Highlight how Wazuh's rich extensibility capabilities can be leveraged to integrate more rules and external intelligence for maximum effectiveness with open-source software and open intelligence. The agenda will detail various feature integrations and examples of integration, particularly focusing on the combined use with Graylog.

Understanding both the attacker's tools and the defender's mechanisms is key to designing effective security strategies. This session presents an experimental study on how various open-source backdoor C2 tools (such as Sliver, Merlin, and Villain) perform against open-source defense and detection platforms (SIEM, EDR, IPS/IDS). We will test whether these backdoors can be detected or blocked in a custom-built environment and analyze their behavior and detection results. By uncovering defense blind spots and providing strategic recommendations, this session aims to give attendees a more comprehensive perspective on offensive and defensive strategies. It is suitable for those interested in open-source tools, attack techniques, and defense mechanisms. No deep technical background is required—just come and listen!