Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

Guillaume Ross

Guillaume Ross

Guillaume is a Principal Security Researcher at Uptycs. With experience as a security architect, consultant and with managing security operations, he loves to find ways to help organizations prevent attacks and reduce the noise that security and IT teams are subjected to. He believes that while it is impossible to prevent every single attack, a combination of good prevention techniques and security hygiene is the best way to then be able to focus on detecting and responding to only the important stuff.

Osquery tutorial: Assessing Chrome extension permissions

Osquery tutorial: Assessing Chrome extension permissions

In a previous tutorial, we discussed gathering software inventory, including Chrome extensions.

Knowing what you have is half the battle. But once you know what you have, how do you decide what you should keep?

Osquery tutorial: Gathering software inventory

Osquery tutorial: Gathering software inventory

Gathering software inventory is an important part of security and systems management. There’s a good reason software inventory is No. 2 in the list of CIS Critical Controls!

Osquery and JA3: Detecting Malicious Encrypted Connections Locally

Osquery and JA3: Detecting Malicious Encrypted Connections Locally

Network traffic encryption is increasing. This increase is driven by demand for privacy protection and the availability of great services for deploying certificates for free. According to Google’s Transparency Report, 88% of web traffic performed on Chrome for Windows is encrypted, and that number is higher for macOS, Android, and ChromeOS. The encryption trend is even clearer when you look at the percentage of HTTPS browsing time in the Transparency Report. At the same time, malware is also following this trend, as the increased security allows attackers to evade some detection mechanisms.

Deploying osquery for Windows Using GPO (Group Policy Objects)

Deploying osquery for Windows Using GPO (Group Policy Objects)

We are asked quite often if deploying the osquery agent is possible via Windows Group Policy Objects (GPOs). 

Detecting Malicious Packages in Repositories like PyPI: Using Osquery for Complete Software Inventory

Detecting Malicious Packages in Repositories like PyPI: Using Osquery for Complete Software Inventory

Many systems make installing 3rd party software incredibly convenient; from packaging systems and well loved Linux distribution tools like Debian Apt to app stores and per-language repositories. Users are also often allowed to install browser extensions or plugins, which come from their own “store” and are just another type of software. For these reasons, and without forgetting containers, maintaining a software inventory that allows you to identify dangerous packages has become harder to do, but more critical to accomplish.

Checking MDS/Zombieload Mitigations on macOS with Osquery

Checking MDS/Zombieload Mitigations on macOS with Osquery

As a part of a pretty crazy week (Microsoft/RDS, Apple/Mojave/High Sierra, Adobe Acrobat/ Flash Player) when it comes to security updates, some new speculative execution vulnerabilities were disclosed and fixed.

Page 1 of 2: