Title: Defending environments and hunting malware with osquery
Instructor: Guillaume Ross
Abstract: In this workshop, you will learn how to defend Linux and Windows environments with osquery, using techniques that can easily be adapted to macOS and containerized environments. We will then look at how to leverage osquery to hunt for malware and attackers, and how osquery can be used in a controlled environment to perform basic malware analysis.
We will cover osquery deployment scenarios and configurations as well as ways we can implement it to improve the security of servers and workstations.
Specifically, we will use osquery to monitor specific security configurations, detect lateral movement, detect malware, and even see how we can use it in lab environments to analyze malware.
If you have never used osquery before, this workshop will get you started. If you have used osquery before, this workshop will help you get the most out of it by developing your queries and your understanding of the schema, and showing how both can be applied to protect environments and detect attacks.
The topics covered will include:
* Setup, configuration and flags
* Logging results
* Building simple to complex queries
* Monitoring for lateral movement
* Tracking important security configurations on Windows and Linux
* Detecting malware
* Performing basic malware analysis on a VM with osquery
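As an added illustration of what those topics look like in practice (this is example content written for this page, not workshop material from the instructor), the following osquery query pack wires together several of them: scheduled queries for lateral movement, a couple of security-configuration checks on Windows and Linux, and some malware indicators. The port list, the intervals and the directory patterns are assumptions to tune for your environment; the table and column names are standard osquery schema.

```json
{
  "queries": {
    "lateral_movement_outbound_admin_ports": {
      "query": "SELECT p.pid, p.name, p.path, p.cmdline, s.local_port, s.remote_address, s.remote_port FROM process_open_sockets s JOIN processes p USING (pid) WHERE s.remote_port IN (22, 135, 445, 3389, 5985, 5986) AND s.remote_address NOT IN ('', '127.0.0.1', '::1');",
      "interval": 60,
      "description": "Processes holding sockets to SSH/RPC/SMB/RDP/WinRM ports on other hosts: a hop to the next machine starts here. Port list is an assumption; add what your environment uses."
    },
    "lateral_movement_remote_logins": {
      "query": "SELECT user, host, tty, type, time FROM logged_in_users WHERE host NOT IN ('', 'localhost', '127.0.0.1', '::1');",
      "interval": 60,
      "platform": "linux",
      "description": "Interactive sessions that originated from a remote host."
    },
    "config_rdp_enabled": {
      "query": "SELECT key, name, data FROM registry WHERE key = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server' AND name = 'fDenyTSConnections' AND data = '0';",
      "interval": 3600,
      "platform": "windows",
      "snapshot": true,
      "description": "Hosts where Remote Desktop is enabled (fDenyTSConnections = 0). Expect rows only from the jump hosts that need it."
    },
    "config_ptrace_scope": {
      "query": "SELECT name, current_value, config_value FROM system_controls WHERE name = 'kernel.yama.ptrace_scope' AND current_value = '0';",
      "interval": 3600,
      "platform": "linux",
      "snapshot": true,
      "description": "Yama ptrace restrictions disabled: any process of a user may attach to, and read secrets from, that user's other processes."
    },
    "malware_process_binary_deleted": {
      "query": "SELECT pid, parent, name, path, cmdline FROM processes WHERE on_disk = 0 AND path != '';",
      "interval": 300,
      "platform": "linux",
      "description": "Running processes whose executable has been unlinked from disk, a common way to hide a dropped payload."
    },
    "malware_process_from_scratch_dirs": {
      "query": "SELECT p.pid, p.name, p.path, p.cmdline, h.sha256 FROM processes p JOIN hash h ON h.path = p.path WHERE p.path LIKE '/tmp/%' OR p.path LIKE '/var/tmp/%' OR p.path LIKE '/dev/shm/%';",
      "interval": 300,
      "platform": "linux",
      "description": "Executables running out of world-writable scratch directories (assumed list), with a SHA-256 to pivot on in threat intel or in the lab VM."
    },
    "malware_cron_persistence": {
      "query": "SELECT path, event, command FROM crontab WHERE command LIKE '%curl%' OR command LIKE '%wget%' OR command LIKE '%base64%' OR command LIKE '%/tmp/%';",
      "interval": 600,
      "platform": "linux",
      "description": "Cron entries that download or decode something, or run from /tmp: typical miner and botnet persistence."
    },
    "malware_windows_startup_items": {
      "query": "SELECT name, path, args, type, source, username FROM startup_items WHERE path LIKE '%\\AppData\\%' OR path LIKE '%\\Temp\\%' OR path LIKE '%powershell%';",
      "interval": 600,
      "platform": "windows",
      "description": "Autoruns that launch from user-writable locations (assumed patterns) or through PowerShell."
    }
  }
}
```

Save this as a pack file and reference it from the `packs` section of osquery.conf; with `--logger_plugin=filesystem`, differential results land in `osqueryd.results.log` under `--logger_path`, and the two `snapshot` queries write the full result set each run to `osqueryd.snapshots.log` so the configuration state is visible even when nothing changed. Before scheduling anything, run each query in `osqueryi` on a known-good host to check the volume of rows it returns; the queries above are starting points, and the real work of the workshop is tuning them to your own schema knowledge and environment.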
Level: Beginner
Pre-Requisites: Basic understanding of Linux and Windows. Mac and Docker optional. No knowledge of osquery itself is needed.
Required Materials: A computer with an SSH client and an RDP client. Linux and Windows systems in the cloud will be provided. Local Linux and Windows VMs are welcome as well, but not necessary.