Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

Discussing the future of osquery with Enterprise Security Weekly

Osquery has grown in popularity because of its broad applicability in enterprise environments. What’s next for the open source project?

You should be using AWS IMDSv2: Here’s why and how to do it

Organizations should transition EC2 instances to use Instance Metadata Service Version 2 (IMDSv2) because IMDSv1 is susceptible to server-side request forgery (SSRF) attacks. Uptycs customers should be cautious about enabling the curl table in osquery. Uptycs has updated our version of osquery to work with IMDSv2, and we’ve implemented a rule to help customers identify EC2 instances using the vulnerable metadata service.

Continuously monitor your cloud infrastructure to improve cloud security posture

What’s the single biggest thing you can do to improve your cloud security posture? It’s not detecting advanced malware developed by nation states. You can dramatically improve your cloud security with a far more mundane task: making sure your cloud resources are configured correctly.

Confucius APT deploys Warzone RAT

Research by Abhijit Mohanta and Ashwin Vamshi

Uptycs' threat research team published a piece about Warzone RAT and its advanced capabilities in November 2020. During the first week of January 2021, we discovered an ongoing targeted attack campaign related to Confucius APT, a threat actor / group primarily targeting government sectors in South Asia. This attack was identified by our in-house osquery-based sandbox that triggered a detection on Warzone RAT activity.

Revenge RAT targeting users in South America

The Uptycs threat research team recently came across multiple document samples that download Revenge RAT. The campaign currently seems to be active in Brazil. All of the malware samples we received have the same properties. One of the samples we received has the name “Rooming List Reservas para 3 Familias.docx” (SHA-256: 91611ac2268d9bf7b7cb2e71976c630f6b4bfdbb68774420bf01fd1493ed28c7). The document has only a few detections in VirusTotal.

Detecting the SolarWinds supply chain attack using osquery and Uptycs

On December 13, FireEye shared details on the SolarWinds supply chain attack, dubbed SUNBURST. The next day, Volexity shared additional information on the lateral movement and exfiltration activities of the attackers.