Tweet
Abstract:
Thursday from 0900 to 1300
EventBrite Link: https://www.eventbrite.com/e/guillau...s-361098735037
In this workshop, we will learn how to use Fleet and osquery to ensure systems are protected, detect suspicious activity, hunt for attackers, and respond to incidents. First, we'll see how to deploy Fleet to manage osquery agents. Then, we will use shared Fleet instances to track the security posture of systems, inventory vulnerable applications, and perform threat hunting. These Fleet instances will be connected to a shared Slack workspace, where we will generate custom alerts to ensure insecure systems can be dealt with. These shared Fleet instances will output data to centralized logging (Graylog), which we will use to create dashboards as well as alerting for suspicious activity. At the end of this workshop, you'll know how to use Fleet and osquery to ensure your workstations and servers are secure, to quickly find vulnerable systems as well as discover attackers performing techniques such as establishing persistence and privilege escalation.
Skill Level: Beginner to Intermediate
Materials Needed: A laptop with internet access, a web browser, virtualization app such as VirtualBox or VMware, and Docker (on main OS or in a VM). We recommend bringing at least one or two VMs (Mac, Windows or Linux) ready to use as osquery clients.
Bio:
Guillaume started hacking away in the early 90s. Whereby hacking, we mean "understanding how pkzip works so he could fit this game on his ridiculous HDD". He then went on to work in IT, focusing on large scale endpoint deployments for a few years. He then became a security consultant, working with all types of different organizations, doing endpoint security, mobile security, and cloud security until he started leading security in startups. Guillaume is currently the Head of Security at Fleet Device Management, the company behind the open source project Fleet.
Guillaume dislikes doing meaningless "best practices" work that has no practical value and enjoys leveraging great open source software available to all of us to improve security.
Guillaume has spoken and given workshops at various conferences like BSidesLV, BsidesSF, DEF CON, RSAC, Thotcon and Northsec on many topics, including mobile security, endpoint security, logging and monitoring.
Kathy is a Developer Advocate at Fleet Device Management. She generally has a pretty good idea of how Fleet and osquery work together and what people are doing with them. She also usually knows who to reach out to when she doesn’t have a clue.
Twitter: https://twitter.com/gepeto42
Forum: @gepeto
Max Class Size: 80
Thursday from 0900 to 1300
EventBrite Link: https://www.eventbrite.com/e/guillau...s-361098735037
In this workshop, we will learn how to use Fleet and osquery to ensure systems are protected, detect suspicious activity, hunt for attackers, and respond to incidents. First, we'll see how to deploy Fleet to manage osquery agents. Then, we will use shared Fleet instances to track the security posture of systems, inventory vulnerable applications, and perform threat hunting. These Fleet instances will be connected to a shared Slack workspace, where we will generate custom alerts to ensure insecure systems can be dealt with. These shared Fleet instances will output data to centralized logging (Graylog), which we will use to create dashboards as well as alerting for suspicious activity. At the end of this workshop, you'll know how to use Fleet and osquery to ensure your workstations and servers are secure, to quickly find vulnerable systems as well as discover attackers performing techniques such as establishing persistence and privilege escalation.
Skill Level: Beginner to Intermediate
Materials Needed: A laptop with internet access, a web browser, virtualization app such as VirtualBox or VMware, and Docker (on main OS or in a VM). We recommend bringing at least one or two VMs (Mac, Windows or Linux) ready to use as osquery clients.
Bio:
Guillaume started hacking away in the early 90s. Whereby hacking, we mean "understanding how pkzip works so he could fit this game on his ridiculous HDD". He then went on to work in IT, focusing on large scale endpoint deployments for a few years. He then became a security consultant, working with all types of different organizations, doing endpoint security, mobile security, and cloud security until he started leading security in startups. Guillaume is currently the Head of Security at Fleet Device Management, the company behind the open source project Fleet.
Guillaume dislikes doing meaningless "best practices" work that has no practical value and enjoys leveraging great open source software available to all of us to improve security.
Guillaume has spoken and given workshops at various conferences like BSidesLV, BsidesSF, DEF CON, RSAC, Thotcon and Northsec on many topics, including mobile security, endpoint security, logging and monitoring.
Kathy is a Developer Advocate at Fleet Device Management. She generally has a pretty good idea of how Fleet and osquery work together and what people are doing with them. She also usually knows who to reach out to when she doesn’t have a clue.
Twitter: https://twitter.com/gepeto42
Forum: @gepeto
Max Class Size: 80
Comment