Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

Guillaume Ross

Guillaume Ross

Guillaume is a Principal Security Researcher at Uptycs. With experience as a security architect, consultant and with managing security operations, he loves to find ways to help organizations prevent attacks and reduce the noise that security and IT teams are subjected to. He believes that while it is impossible to prevent every single attack, a combination of good prevention techniques and security hygiene is the best way to then be able to focus on detecting and responding to only the important stuff.

Remote Desktop Vulnerabilities: Identifying the Exposure and Patch Using Osquery

Remote Desktop Vulnerabilities: Identifying the Exposure and Patch Using Osquery

[Updated March 11th] This article was written in May 2019 and updated in June 2019. We are updating it again, as CVE-2020-0796 is now public, and has not been patched yet.

CVE-2020-0796 is a remote code execution bug in Microsoft’s SMB (file sharing) server.

Expect attacks targeting this vulnerability soon. Use the queries in this article to find machines with port 445 exposed to the Internet.

Detecting Dirty_Sock with Osquery - A Snapd Privilege Escalation Vulnerability

Detecting Dirty_Sock with Osquery - A Snapd Privilege Escalation Vulnerability

You may have heard about “Dirty Sock”, a recently discovered vulnerability targeting snapd sockets, playing on the name of a previous vulnerability called “Dirty Cow”. Snapd allows for the execution of packaged snaps, which are a mechanism to distribute and update applications in a standard format.

Windows Registry & Osquery: The Easy Way to Ensure Users are Secured

Windows Registry & Osquery: The Easy Way to Ensure Users are Secured

The Windows registry is full of information, and with the proper tools, can be a gold mine for attackers and defenders alike. Attackers look to find specific configurations, credentials, or any information that can help them further attack systems, while defenders can use the registry to ensure that settings are configured as they are expected to. This is something that is not always easy to do with standard tools in Windows, or with the right level of performance. Fortunately, osquery solves that for us.

One Year Later: Ensuring Windows is Protected from Meltdown+Spectre

One Year Later: Ensuring Windows is Protected from Meltdown+Spectre

2018: The year of speculative execution bugs

A year ago, in January 2018, three hardware vulnerabilities known as Meltdown, Spectre Variant 1, and Spectre Variant 2 were disclosed to the public.

Although disclosure was supposed to occur on January 9, news outlets found updates in the Linux Kernel and broke word early on January 3, kicking off the year with a pretty big headache for IT and security teams across the globe.

Hunting for Evil Launch Daemons - Identifying Suspicious Behavior with Osquery

Hunting for Evil Launch Daemons - Identifying Suspicious Behavior with Osquery

Last week, Malwarebytes posted an article highlighting new malware discovered by John Lambert (Microsoft), Patrick Wardle (Objective-See and Digita Security) and Adam Thomas (Malwarebytes), and sure enough, persistence using launchd is still a common thing.

Vulnerabilities in SSD Encryption: Using osquery to Identify Vulnerable Windows Machines

Vulnerabilities in SSD Encryption: Using osquery to Identify Vulnerable Windows Machines

Dark Reading and Forbes, among various other sources, have recently reported that Windows computers using the hardware encryption feature of many different types of solid-state drives (SSDs) are vulnerable to attacks that defeat it completely. These vulnerabilities, discovered by Radboud University researchers Carlo Meijer and Bernard van Gastel, affect multiple models including some made by the popular brands Crucial and Samsung.

Page 2 of 2: