Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.


Deploying osquery for Windows Using GPO (Group Policy Objects)


We are often asked whether the osquery agent can be deployed through Windows Group Policy Objects (GPOs).

Detecting Malicious Packages in Repositories like PyPI: Using Osquery for Complete Software Inventory


Many systems make installing third-party software incredibly convenient, from packaging systems and well-loved Linux distribution tools like Debian's apt to app stores and per-language repositories. Users are also often allowed to install browser extensions or plugins, which come from their own "store" and are just another kind of software. For these reasons, and not forgetting containers, maintaining a software inventory that lets you identify dangerous packages has become harder to do, but more critical to accomplish.
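The cross-source inventory described above, as an added example written for this listing rather than taken from the Uptycs post. It uses only standard osquery tables (deb_packages, rpm_packages, python_packages, npm_packages, chrome_extensions); the second query assumes a Debian-style filesystem layout in which distribution-managed Python packages live under /usr/lib/python*, so anything elsewhere (pip --user, /usr/local, virtualenvs) came straight from PyPI and never passed through the OS vendor.

```sql
-- Added example, not code from the Uptycs post. Run with: osqueryi < inventory.sql
-- Note: a query that names a table the running osquery build does not have fails
-- outright, so on macOS or Windows drop the deb_packages/rpm_packages legs.
SELECT 'deb'    AS source, name, version, ''   AS path FROM deb_packages
UNION ALL
SELECT 'rpm'    AS source, name, version, ''   AS path FROM rpm_packages
UNION ALL
SELECT 'python' AS source, name, version, path FROM python_packages
UNION ALL
SELECT 'npm'    AS source, name, version, path FROM npm_packages
UNION ALL
SELECT 'chrome' AS source, name, version, path FROM chrome_extensions
ORDER BY source, name;

-- Python packages that did not come from the distribution's own package set.
-- Assumption (Debian/Ubuntu layout): apt-installed modules sit under /usr/lib/python*;
-- pip --user lands in ~/.local and "sudo pip install" in /usr/local, both of which
-- are the rows to reconcile against your allowlist or a malicious-package feed.
SELECT name, version, path
FROM python_packages
WHERE path NOT LIKE '/usr/lib/python%'
  AND path NOT LIKE '/usr/lib64/python%'
ORDER BY path;
```

The first query is the inventory itself; the second is the triage view, since packages installed through the system package manager already went through a maintainer, while direct-from-repository installs are the ones typosquatting and dependency-confusion attacks target.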

Checking MDS/Zombieload Mitigations on macOS with Osquery


As part of a pretty crazy week for security updates (Microsoft/RDS, Apple/Mojave/High Sierra, Adobe Acrobat/Flash Player), some new speculative execution vulnerabilities were disclosed and fixed.

Remote Desktop Vulnerabilities: Identifying the Exposure and Patch Using Osquery


[Updated June 5th] Patching for CVE-2019-0708 (referred to as BlueKeep) appears to have been slow, according to Rob Graham among others. One security expert, Ryan McGeehan (@Magoo), who has experience in modeling the probability that a vulnerability is exploited, has done just that for BlueKeep.

His concerning summary concludes:

"Chances are about even (47.62%) for "in the wild" BlueKeep exploitation to be observed between now and end of June."

Follow the outline below to check your exposure using osquery.

Microsoft released an important patch for the remotely exploitable Remote Desktop Services (RDS) vulnerability. Exploiting it requires no authentication and lets an attacker run code on the target. Expect public exploits to start appearing soon.
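The exposure check the post points to, reconstructed here as an added example (these are not the Uptycs post's own queries). It runs on a Windows host and answers four questions in turn: is the OS in the affected family, is RDP actually listening, is Network Level Authentication required, and which hotfixes are installed. The os_version name patterns are an assumption about how osquery reports the product name; the KB numbers that fix CVE-2019-0708 differ per OS and are deliberately not hard-coded, so compare the last result against Microsoft's advisory.

```sql
-- Added example, not from the Uptycs post. Windows only (registry, patches tables).

-- 1. Affected product family (Windows 7 / Server 2008 / 2008 R2 / 2003 / XP).
--    Assumption: os_version.name carries the product name, e.g. "Microsoft Windows 7 ...".
SELECT name, version, build
FROM os_version
WHERE name LIKE '%Windows 7%' OR name LIKE '%2008%'
   OR name LIKE '%2003%'      OR name LIKE '%XP%';

-- 2. Is anything listening on the RDP port (TCP 3389)? protocol 6 = TCP.
SELECT l.pid, l.address, l.port, p.name AS process
FROM listening_ports l JOIN processes p USING (pid)
WHERE l.port = 3389 AND l.protocol = 6;

-- 3. Remote Desktop enabled at all? fDenyTSConnections = 0 means connections are accepted.
SELECT name, data
FROM registry
WHERE key  = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server'
  AND name = 'fDenyTSConnections';

-- 4. Network Level Authentication (UserAuthentication = 1) forces credentials before the
--    pre-auth code path is reachable. It is a mitigation, not a fix: an attacker with
--    valid credentials still reaches the bug.
SELECT name, data
FROM registry
WHERE key  = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
  AND name = 'UserAuthentication';

-- 5. Installed hotfixes, newest first. Compare hotfix_id against the KB list in
--    Microsoft's advisory for CVE-2019-0708 for this host's OS version.
SELECT hotfix_id, installed_on
FROM patches
ORDER BY installed_on DESC;
```

A host is exposed when query 1 returns a row, query 2 or 3 shows RDP reachable, and query 5 lacks the matching KB; query 4 only tells you whether the window is narrowed to authenticated attackers.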

Detecting Dirty_Sock with Osquery - A Snapd Privilege Escalation Vulnerability


You may have heard about "Dirty Sock", a recently discovered vulnerability in snapd's socket API, whose name plays on an earlier vulnerability called "Dirty Cow". Snapd runs packaged snaps, a mechanism for distributing and updating applications in a standard format.
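A version-based detection for the vulnerability above, added here as an example and not taken from the Uptycs post. Dirty Sock is CVE-2019-7304 and was fixed in snapd 2.37.1; Debian-family hosts report versions like "2.34.2+18.04ubuntu1" or "2.37.1+18.04", which SQLite would otherwise compare as strings, so the query splits major/minor/patch with substr/instr before comparing. It assumes snapd is installed from a .deb (the deb_packages table); the split logic is the general three-part version comparison, not specific to snapd.

```sql
-- Added example, not from the Uptycs post. Linux (Debian-family) hosts.
-- CAST(... AS INTEGER) in SQLite takes the longest numeric prefix, so
-- CAST('37.1+18.04' AS INTEGER) = 37, which is what makes the split work.
WITH snapd AS (
  SELECT name, version,
         CAST(version AS INTEGER)                 AS major,
         substr(version, instr(version, '.') + 1) AS rest     -- e.g. '37.1+18.04'
  FROM deb_packages
  WHERE name = 'snapd'
), parts AS (
  SELECT name, version, major,
         CAST(rest AS INTEGER)                    AS minor,   -- 37
         CASE WHEN instr(rest, '.') > 0
              THEN CAST(substr(rest, instr(rest, '.') + 1) AS INTEGER)
              ELSE 0 END                          AS patch    -- 1
  FROM snapd
)
SELECT name, version, major, minor, patch,
       CASE WHEN major > 2
              OR (major = 2 AND minor > 37)
              OR (major = 2 AND minor = 37 AND patch >= 1)
            THEN 'patched (>= 2.37.1)'
            ELSE 'vulnerable (< 2.37.1)' END AS status
FROM parts;
```

No rows means snapd is not installed from a package. On hosts where snapd re-executes itself from the core snap, the binary actually serving the socket can be newer than the .deb, so treat a "vulnerable" row as a prompt to confirm with `snap version` rather than as a verdict.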

Windows Registry & Osquery: The Easy Way to Ensure Users are Secured


The Windows registry is full of information and, with the proper tools, can be a gold mine for attackers and defenders alike. Attackers look for specific configurations, credentials, or anything else that helps them push further into a system, while defenders can use the registry to verify that settings are configured as expected. That is not always easy to do with standard Windows tools, or at the right level of performance. Fortunately, osquery solves that for us.
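Two settings a defender would verify this way, as an added example written for this listing and not code from the Uptycs post: that User Account Control is on (EnableLUA = 1) and that LSA runs as a protected process (RunAsPPL = 1, which stops unsigned code such as credential dumpers from opening lsass). Both key paths and value names are real Windows settings; the COUNT(*) wrapper is there because osquery's registry table simply returns no row for a value that was never set, and "never set" is itself a failed check.

```sql
-- Added example, not from the Uptycs post. Windows only.
-- Each leg is its own query against the registry table, which needs an explicit key
-- constraint; UNION ALL stitches the results into one report row per setting.
-- REG_DWORD values come back as strings, hence data = '1'.
SELECT 'EnableLUA' AS setting,
       COUNT(*)    AS present,                 -- 0 = value absent (UAC defaults on, but flag it)
       MAX(data)   AS data,
       CASE WHEN MAX(data) = '1' THEN 'ok' ELSE 'FAIL' END AS result
FROM registry
WHERE key  = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
  AND name = 'EnableLUA'
UNION ALL
SELECT 'RunAsPPL'  AS setting,
       COUNT(*)    AS present,                 -- 0 = LSA protection never configured
       MAX(data)   AS data,
       CASE WHEN MAX(data) = '1' THEN 'ok' ELSE 'FAIL' END AS result
FROM registry
WHERE key  = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa'
  AND name = 'RunAsPPL';
```

Scheduled in osqueryd, the same query turns into a drift alert: any row whose result flips from "ok" to "FAIL" between runs is a setting someone changed.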
