Hacking Context for Auto Root Cause and Attack Flow Discovery

Ezz Tahoun

DEF CON 33 (backfill) · Day 1 · Main Stage

In this compelling DEF CON talk, Ezz Tahoun presents a radical rethinking of how cybersecurity organizations approach log management, correlation, and threat detection. Titled "Hacking Context for Auto Root Cause and Attack Flow Discovery," the presentation directly addresses the pervasive challenges of **false positives**, overwhelming **log volume**, and the inherent limitations of traditional, **rules-based correlation** in Security Information and Event Management (SIEM) systems. Tahoun argues that current approaches lead to analyst burnout, exorbitant costs, and ultimately, broken security.

AI review

Tahoun tackles a real and painful problem — SIEM bloat, alert fatigue, rules-based correlation failure — with a coherent two-stage ML architecture (group then chain). The framing is clean and the cost savings math is compelling, but the talk stays at the concept level and never quite gets its hands dirty enough to be memorable at DEF CON.
