
Workshop Information: Defending environments and hunting malware with osquery


    Title: Defending environments and hunting malware with osquery

    Instructor: Guillaume Ross

    Abstract: In this workshop, you will learn how to defend Linux and Windows environments with osquery, using techniques that could easily be adapted to Mac and containerized environments. Then, we will look at how we can leverage osquery to hunt for malware and attackers, as well as how we could use osquery in a controlled environment to do some basic malware analysis.

    We will cover osquery deployment scenarios and configurations as well as ways we can implement it to improve the security of servers and workstations.

    Specifically, we will use osquery to monitor specific security configurations, detect lateral movement, detect malware, and even see how we can use it in lab environments to analyze malware.

    If you have never used osquery before, this workshop will get you started. If you have used osquery before, this workshop will help you get the most out of it, by allowing you to develop queries and an understanding of the schema and how it can be applied to protect environments and detect attacks.

    The topics covered will include:

    * Setup, configuration and flags
    * Logging results
    * Building simple to complex queries
    * Monitoring for lateral movement
    * Tracking important security configurations on Windows and Linux
    * Detecting malware
    * Performing basic malware analysis on a VM with osquery

    Level: Beginner

    Prerequisites: Basic understanding of Linux and Windows. Mac and Docker optional. No knowledge of osquery itself is needed.

    Required Materials: A computer with an SSH and RDP client. Linux and Windows systems in the cloud will be provided. Local Linux and Windows VMs are welcome as well, but not necessary.

  • #2
    How do I sign up for this workshop? Thank you!



    • #3

      DC workshop page:
      https://defcon.org/html/defcon-27/dc...hops.html#ross

      Eventbrite signup page:
      https://www.eventbrite.com/e/defendi...ts-63606251009



      • #4
        I am trying to register but it is saying unavailable. Can we register yet?



        • Dark Tangent commented:
          Registration opens at 3pm PST today (UTC-7)