Amit Malik

Picture of
Amit is a Principal Researcher at Uptycs. He has specialization in threat detection, threat intelligence and security architecture.Prior to Uptycs, he has worked with leading cyber security companies like Mcafee, Fireeye and Netskope.He holds multiple patents in the area of threat detection and analysis.He actively contributes in security communities through blogs, trainings and tools.
Find me on:

Recent Posts

Threat Hunting with Osquery: 5 macOS Malware Techniques & How to Find Them

Posted by Amit Malik on 5/2/19 9:40 AM

This previous blog post explored ways to use osquery for macOS malware analysis. Using the same methodology introduced there, we analyzed five additional macOS malware variants and recorded their behavior to understand the techniques they used. Below, you’ll find the techniques used by Calisto, Dummy, HiddenLotus, LamePyre and WireLurker. Read on to explore how to translate the techniques used by these malware into queries you can run to hunt for the active presence or historical artifacts using osquery.

Read More

Topics: osquery, macOS, malware, mac edr, open-source, incident investigation

Mac Malware Analysis Using Osquery

Posted by Amit Malik on 3/19/19 9:01 AM

Osquery, at its most basic level, is an operating system instrumentation framework that exposes the OS as a SQL database. SQL queries can be run to view information about the systems similar to any SQL database, providing a unified cross platform framework (i.e. endpoints running on multiple operating systems can be queried using the industry standard database language: SQL. This structured approach for collecting and accessing data introduces great flexibility, making it useful for multiple purposes. For example, queries can be constructed to audit infrastructure for compliance, vulnerabilities, malware analysis and intrusion detection, etc. Data collected by osquery can be useful to anybody from IT support teams to CSIRTs. However, in this blog post we’ll narrow our focus and explore how to use osquery specifically for macOS malware analysis (though the methodologies discussed are the same for Windows and Linux operating systems).

Read More

Topics: osquery tutorial, osquery, macOS, malware, open-source

The Power of Looking Back: Scanning Historical Data with the Latest Threat Intelligence

Posted by Amit Malik on 1/30/19 9:59 AM

With polymorphic malware, quick-turn domains and turn-on-a-dime attack tactics, most security professionals are looking for real-time intelligence to enable protection that is as close to zero-day as possible. Finding a threat anywhere around the globe and then immediately blasting out a definition or identifying an artifact is high on the cybersecurity wish list.

Read More

Topics: Insider, osquery, TLS, continuous monitoring, cloud security, incident investigation

Uptycs Blog | Cloud Security Trends and Analysis

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you'll enjoy our blog enough to subscribe, share and comment.

Subscribe for New Posts

Find Uptycs Everywhere

Recommended Reads