Doug Wilson

Douglas (Doug) Wilson is the Director of Security at Uptycs. He has spent a large amount of his career advocating for open tools, organizations, and standards. He was formerly the spokesperson for OpenIOC, and helped to found and run OWASP DC. He has over 18 years of experience in a variety of Information Security and Technology positions. When not attached to a computer or traveling, he can be found at Scotch tastings, riding his bike around DC, and reliving his youth through cheering on the DC Breeze Pro Ultimate team.

Recent Posts

Free Osquery Training Course Now On-Demand

Posted by Doug Wilson on 10/18/18 8:35 AM

I’m excited to share that we have just released free online training to introduce you to osquery. Our goal was to combine quick setup and hands-on labs with complete accessibility, so that anyone who wanted to give osquery a try could.


Topics: open-source, osquery, osquery tutorial

Osquery In Action: Where and When to Apply "Threat Intel"

Posted by Doug Wilson on 6/14/18 3:55 PM

Topics: osquery, osquery tutorial

Osquery Security Solutions: Build or Buy?

Posted by Doug Wilson on 5/11/18 9:46 AM

Late last week, Chris Sanders (@chrissanders88), a former FireEye colleague, posted an interesting "lunchtime poll":


Topics: open-source, osquery

Open-source hasn't disrupted security...yet

Posted by Doug Wilson on 5/3/18 11:55 AM

I’ve written before about how I feel open-source technology will prove disruptive in the security industry. Having recently returned from a week in San Francisco for B-Sides SF & RSA, which is known as the annual pilgrimage for "Infosec Sales," I feel that way now more than ever. The growth in adoption of open-source technologies may indicate that people are starting to get more comfortable with the idea that there is still enough room for innovation that companies can charge for what they develop on top of “free” open-source projects. Coming back from the premier sales conference for the information security industry is a great showcase for why I’ve come away with that thought. Let's explore...


Topics: open-source, osquery

SQL introduction for osquery

Posted by Doug Wilson on 4/12/18 7:39 AM

SQL (Standard Query Language) will be in its mid-forties later this month, having been introduced by its creators Donald Chamberlin and Raymond Boyce in the 1970s. Given its age, it isn’t so hard to understand how the 2017 Stack Overflow Developer Survey found that SQL is the second-most common programming language, used by 50% of developers and beaten only by JavaScript.


Topics: video, osquery tutorial, osquery

6 Tasks for Basic macOS system monitoring with osquery [Video]

Posted by Doug Wilson on 3/29/18 9:45 AM

Osquery offers introspection capabilities for macOS that were previously difficult to achieve. Osquery uses a universal agent to collect and return a nearly unlimited amount of endpoint data that can then be queried like a database using SQL. For macOS system administrators, this opens up a world of quickly accessible system monitoring capabilities that we'll explore here today.

In this post and video (click here to skip ahead to the video), we'll review some of the basic tasks for macOS system monitoring with osquery. Osquery can be used for Linux and Windows as well, but because macOS was previously so underserved, I'm focusing there; most commands we'll review will be the same or similar on other systems.

What we'll cover: 


Topics: macOS, osquery tutorial, video, osquery

How to uninstall osquery from macOS in 4 steps [Video]

Posted by Doug Wilson on 3/22/18 9:52 AM
Need to manually uninstall osquery on macOS? If you no longer want to use osquery on your Mac, or if you need to manually clear out the installation because you're having problems with the endpoint and want to reinstall from scratch, follow the four steps outlined below. We've also included the terminal commands in text format so you can easily copy and paste.

Prefer video? Click here to skip ahead to a ~3 minute video and all commands required to uninstall osquery from your macOS system using Uptycs.

Topics: osquery, osquery tutorial, macOS

Finding OSX/CreativeUpdater malware with osquery

Posted by Doug Wilson on 2/5/18 11:05 AM

The first week of February 2018 has seen another piece of macOS malware — CreativeUpdater. This time it is a cryptominer masquerading as several different software packages on the MacUpdate.com website. Again, even a few days later, a lot of endpoint solutions are not necessarily picking this up, judging by VirusTotal.


Topics: macOS, malware, osquery

Finding OSX/MaMi with osquery

Posted by Doug Wilson on 1/12/18 12:27 PM

Seeing on Twitter that Patrick Wardle (a must follow for macOS security!) may have found his first piece of macOS malware for 2018, I eagerly flipped to his blog. Given that this is “new” malware on macOS, there is likely going to be a window between discovery and protection via A/V software.


Topics: macOS, osquery, malware

Quick Update to #iamroot issues

Posted by Doug Wilson on 12/6/17 3:42 AM

Further updates in the #iamroot saga have shown a confusing set of responses from Apple that invalidate some of what I posted earlier, and that may also give a false sense of security if users have not installed the updates in the proper sequence and then restarted.


Topics: #iamroot, osquery

Uptycs Blog | Cloud Security Trends and Analysis

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you'll enjoy our blog enough to subscribe, share and comment.
