Hunting Malware with osquery at scale

Presented at BruCON 0x08 (2016), Oct. 27, 2016, 1:30 p.m. (240 minutes).

This workshop is an introduction to osquery, an SQL-powered tool for operating system instrumentation, monitoring and analytics. osquery is developed and used by Facebook to proactively hunt for abnormalities. Because osquery lets us ask questions about our infrastructure as ordinary SQL queries against tables that expose OS state (processes, files, persistence locations and so on), it provides powerful capabilities such as finding malware persistence techniques and scanning for IOCs across our fleets of machines. This workshop is very hands-on, and we expect participants to be comfortable with the CLI.
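As an added illustration (not part of the workshop materials or of the osquery project itself), the queries below show the two activities the abstract mentions: looking at common persistence locations and matching file hashes against an IOC list. They use standard osquery tables (crontab, launchd, startup_items, processes, listening_ports, file, hash); the paths, port threshold and the IOC hash values are assumptions chosen for the example and should be replaced with your own list.

```sql
-- Persistence hunting, run in osqueryi or as scheduled queries in osqueryd.
-- The tables exist on the platforms noted; a missing table simply errors out.

-- Linux/macOS: cron jobs that execute something from a temp or world-writable
-- directory (assumption: these paths are unusual for legitimate jobs).
SELECT path, command
FROM crontab
WHERE command LIKE '%/tmp/%'
   OR command LIKE '%/dev/shm/%'
   OR command LIKE '%/var/tmp/%';

-- macOS: LaunchAgents/LaunchDaemons that run at load and point outside the
-- usual system locations (/System, /usr, /Library/Apple are treated as expected).
SELECT path, label, program, program_arguments
FROM launchd
WHERE run_at_load = '1'
  AND program NOT LIKE '/System/%'
  AND program NOT LIKE '/usr/%'
  AND program NOT LIKE '/Library/Apple/%';

-- Windows/macOS: startup items, useful as a periodic snapshot whose diff
-- (osqueryd logs added/removed rows) highlights new persistence.
SELECT name, path, type, source, status, username
FROM startup_items;

-- Cross-platform: running processes whose binary is no longer on disk
-- (on_disk = 0), a classic sign of an implant that deleted itself after start.
SELECT p.pid, p.name, p.path, p.cmdline, p.parent
FROM processes p
WHERE p.on_disk = 0;

-- Cross-platform: processes listening on a high port, joined to the process
-- that owns the socket (port threshold is an arbitrary example value).
SELECT p.pid, p.name, p.path, l.port, l.protocol, l.address
FROM listening_ports l
JOIN processes p USING (pid)
WHERE l.port > 10000;

-- IOC scanning: hash files in a directory and match against known-bad SHA-256s.
-- The hash table needs a path/directory constraint, supplied here through the
-- join with file; the two hash values are placeholders, not real indicators.
SELECT f.path, f.size, h.sha256
FROM file f
JOIN hash h USING (path)
WHERE f.path LIKE '/tmp/%'
  AND h.sha256 IN (
    'replace-with-sha256-from-your-ioc-list-1',
    'replace-with-sha256-from-your-ioc-list-2'
  );
```

To run these across a fleet rather than one host, put them in an osqueryd query pack with an interval, ship the results to your log pipeline, and alert on new rows; the hash query in particular should be scoped to a small set of directories and a long interval, since hashing large trees on every run is expensive.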


Presenters:

  • Jackie Bow
    Jackie is a malware analyst and reverse engineer on Facebook Security. She enjoys hunting malware across corp and prod. She one day hopes to be the very best, like no one was before. To catch them is her real test, to train other analysts is her cause... She will travel across the land, searching far and wide, teach analysts to understand, the power that's inside (osquery).
  • Erik Waher
    Erik Waher is a security engineer at Facebook. He likes mountain biking, surfing, and anything to do with packets on the network.
  • Nick Anderson
    Nick Anderson is a security engineer at Facebook, focusing on corporate HIDS infrastructure. He is also a developer on Facebook's osquery project, an open source tool used by dozens of organizations for intrusion detection, systems operations, and compliance to better understand the state of their infrastructure and how it changes over time. Previously, Nick was a Cyber Security Research Engineer at Sandia National Labs, where he led efforts to reverse engineer detected malware. Nick earned his master's degree in Cyber Security at NYU Tandon School of Engineering and holds a bachelor's degree in Mathematics from the University of Wyoming.
