Monitoring Minimum Viable Security via osquery on Mac, Windows, Linux, and Containers

Presented at BSidesSF 2019, March 2, 2019, 9 a.m. (165 minutes)

TO REGISTER FOR THIS WORKSHOP, GO [HERE](https://bsidessf.regfox.com/2019). NOTE THAT SPACE IS VERY LIMITED.

In this workshop, we will learn how to use osquery in a variety of environments and then use it to solve problems that security teams everywhere face.

Required: one or more PCs or VMs running Mac, Windows, or Linux with Chrome and osquery installed. If osquery is not installed, do not worry; the workshop starts with instructions on how to install it, and for Linux we will provide a virtual appliance you can import. Be aware that we will centralize some of the osquery logs we generate, so please do not use a personal computer with your real data on it unless you are comfortable with other students seeing the output of your queries.

We will look at how osquery is deployed, at the ways many companies get successfully attacked, and at how to monitor our systems for these issues, implement a fix, and verify with osquery that the fix was applied properly. We will also look at how osquery extensions let us manage systems more proactively, by writing to them instead of only querying them. If you manage endpoints in an environment that includes Mac, Linux, Windows, and even Docker containers, this workshop is a great way to learn how to manage security homogeneously across a heterogeneous environment.

Presenters:

  • Guillaume Ross
    Guillaume has worked as a manager of blue teams, as a security consultant, and, long before that, as an enterprise IT person focused on endpoints. Having worked everywhere from startups to Fortune 50 companies, he knows how to build a security program, but having had to do the work himself, he also dislikes meaningless "best practices" work that has no practical value. For these reasons, he focuses on providing guidance that brings real value to companies when it comes to protecting their environments and data.
