Intrusion detection on Linux and OS X with osquery (https://osquery.io)

Presented at BruCON 0x07 (2015), Oct. 9, 2015, 2 p.m. (120 minutes).

osquery is an instrumentation framework for OS X and Linux. It exposes low-level operating system information as virtual SQL "tables", and queries can be grouped into "packs" that are scheduled and run together. In this workshop participants will learn how Facebook uses osquery for incident response and intrusion detection by analyzing a compromised Linux VM.
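As an added illustration of the tables-and-packs model described above (not material from the workshop itself), the following is a small query pack for a Linux host, using only tables and columns that ship with osquery; the pack name, intervals and descriptions are chosen here for the example:

```json
{
  "queries": {
    "deleted_binary_processes": {
      "query": "SELECT pid, name, path, cmdline FROM processes WHERE on_disk = 0;",
      "interval": 600,
      "description": "Running processes whose executable has been removed from disk, a common trait of dropped-and-deleted malware."
    },
    "listening_processes": {
      "query": "SELECT p.pid, p.name, p.path, l.address, l.port FROM listening_ports l JOIN processes p USING (pid) WHERE l.port != 0;",
      "interval": 3600,
      "description": "Inventory of listening sockets joined to the owning process, to spot unexpected services or backdoor listeners."
    },
    "crontab_entries": {
      "query": "SELECT path, command, minute, hour FROM crontab;",
      "interval": 3600,
      "description": "Scheduled jobs across system and user crontabs, to detect persistence added after compromise."
    },
    "kernel_modules": {
      "query": "SELECT name, size, status, used_by FROM kernel_modules;",
      "interval": 3600,
      "description": "Loaded kernel modules, diffed over time to catch newly inserted rootkit modules."
    }
  }
}
```

Each query is run on its interval by osqueryd, and the resulting differential logs (rows added or removed since the last run) are what an analyst reviews; the same SQL can be tried interactively in osqueryi.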