Detecting Dirty_Sock with Osquery - A Snapd Privilege Escalation Vulnerability

Posted by Guillaume Ross on 2/26/19 11:06 AM

You may have heard about “Dirty Sock”, a recently discovered vulnerability targeting snapd sockets, playing on the name of a previous vulnerability called “Dirty Cow”. Snapd allows for the execution of packaged snaps, which are a mechanism to distribute and update applications in a standard format.

Read More

Topics: osquery tutorial, osquery, malware, open-source, incident investigation

The Power of Looking Back: Scanning Historical Data with the Latest Threat Intelligence

Posted by Amit Malik on 1/30/19 9:59 AM

With polymorphic malware, quick-turn domains and turn-on-a-dime attack tactics, most security professionals are looking for real-time intelligence to enable protection that is as close to zero-day as possible. Finding a threat anywhere around the globe and then immediately blasting out a definition or identifying an artifact is high on the cybersecurity wish list.

Read More

Topics: Insider, osquery, TLS, continuous monitoring, cloud security, incident investigation

Windows Registry & Osquery: The Easy Way to Ensure Users are Secured

Posted by Guillaume Ross on 1/24/19 10:29 AM

The Windows registry is full of information, and with the proper tools, can be a gold mine for attackers and defenders alike. Attackers look to find specific configurations, credentials, or any information that can help them further attack systems, while defenders can use the registry to ensure that settings are configured as they are expected to. This is something that is not always easy to do with standard tools in Windows, or with the right level of performance. Fortunately, osquery solves that for us.

Read More

Topics: osquery tutorial, osquery, open-source, Windows

One Year Later: Ensuring Windows is Protected from Meltdown+Spectre

Posted by Guillaume Ross on 1/10/19 9:48 AM

2018: The year of speculative execution bugs

A year ago, in January 2018, three hardware vulnerabilities known as Meltdown, Spectre Variant 1, and Spectre Variant 2 were disclosed to the public.

Although disclosure was supposed to occur on January 9, news outlets found updates in the Linux Kernel and broke word early on January 3, kicking off the year with a pretty big headache for IT and security teams across the globe.

Read More

Topics: osquery, system architecture, open-source

3 Reasons Incident Responders Need Osquery

Posted by Milan Shah on 12/20/18 9:18 AM

2018 marks the first full year in which Uptycs, the company created to bring Facebook’s open source osquery agent to widespread commercial adoption, has had its turnkey security analytics platform in the market. As can be expected of any startup that launches a new ground-breaking product, it has been an exciting year, full of anticipation, unprecedented interest, and challenging work as we tweaked and tuned the product to optimize it for what our customers needed it to do.

Read More

Topics: osquery, incident investigation

Hunting for Evil Launch Daemons - Identifying Suspicious Behavior with Osquery

Posted by Guillaume Ross on 12/18/18 10:05 AM

Last week, Malwarebytes posted an article highlighting new malware discovered by John Lambert (Microsoft), Patrick Wardle (Objective-See and Digita Security) and Adam Thomas (Malwarebytes), and sure enough, persistence using launchd is still a common thing.

Read More

Topics: osquery, macOS, open-source

Vulnerabilities in SSD Encryption: Using osquery to Identify Vulnerable Windows Machines

Posted by Guillaume Ross on 11/12/18 12:32 PM

Dark Reading and Forbes, among various other sources, have recently reported that Windows computers using the hardware encryption feature of many different types of solid-state drives (SSDs) are vulnerable to attacks that defeat it completely. These vulnerabilities, discovered by Radboud University researchers Carlo Meijer and Bernard van Gastel, affect multiple models including some made by the popular brands Crucial and Samsung.

Read More

Topics: Insider, osquery

Cloud Compliance for FiServ Requires Merger of 3 Disciplines

Posted by Amber Picotte on 11/1/18 8:40 AM

With weightier compliance penalties, ever-deepening cybercrime, and rapid adoption rates of public or hybrid cloud, financial services companies must pay closer attention to cloud compliance and stop treating it in a vacuum.

Read More

Topics: continuous monitoring, cloud monitoring, CIS Benchmark, cloud compliance

Free Osquery Training Course Now On-Demand

Posted by Doug Wilson on 10/18/18 8:35 AM

I’m excited to share that we have just released free online training to introduce you to osquery. Our goal was to combine quick setup and hands on labs with complete accessibility, so that anyone who wanted to give osquery a try, could.

Read More

Topics: osquery tutorial, osquery, open-source

Research Report Evaluates Osquery’s Role in Upending Endpoint Security [Complimentary Copy]

Posted by Harry Hayward on 10/4/18 8:43 AM

451 Research, a global research advisory firm, recently published their first market insight report covering osquery. The report, “Uptycs emerges from stealth betting on SQL-based osquery for upending endpoint security” acknowledges the growing impact the universal open source agent is having in the security market. 

Read More

Topics: Insider, osquery, open-source

Uptycs Blog | Cloud Security Trends and Analysis

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you'll enjoy our blog enough to subscribe, share and comment.

Subscribe for New Posts

Find Uptycs Everywhere

Recommended Reads