Detecting Dirty_Sock with Osquery - A Snapd Privilege Escalation Vulnerability

Posted by Guillaume Ross on 2/26/19 11:06 AM

You may have heard about “Dirty Sock”, a recently discovered vulnerability targeting snapd sockets, playing on the name of a previous vulnerability called “Dirty Cow”. Snapd allows for the execution of packaged snaps, which are a mechanism to distribute and update applications in a standard format.


Topics: osquery tutorial, osquery, malware, open-source, incident investigation

Finding OSX/CreativeUpdater malware with osquery

Posted by Doug Wilson on 2/5/18 11:05 AM

The first week of February 2018 has seen another piece of macOS malware: CreativeUpdater. This time it is a cryptominer masquerading as several different software packages on the website. Again, even a few days later, judging by VirusTotal, a lot of endpoint solutions are not necessarily picking this up.


Topics: osquery, macOS, malware

Finding OSX/MaMi with osquery

Posted by Doug Wilson on 1/12/18 12:27 PM

Seeing on Twitter that Patrick Wardle (a must follow for macOS security!) may have found his first piece of macOS malware for 2018, I eagerly flipped to his blog. Given that this is “new” malware on macOS, there is likely going to be a window between discovery and protection via A/V software.


Topics: osquery, macOS, malware

Identifying #iamroot issues with osquery (blank password vuln in macOS 10.13.1)

Posted by Doug Wilson on 11/29/17 2:59 PM

Update: Following this article's original publication, Apple released a somewhat confusing set of security updates, which invalidates some of the original content I had shared. I have posted a follow-up here and updated the version number in the determination query in this article.

Tuesday’s event of a vulnerability in macOS High Sierra (tagged #iamroot by some) was a great chance to explore the utility of using osquery in response to a previously unknown security threat. [See this post for other macOS malware identification tips]


Topics: osquery, macOS, #iamroot, malware

How to find malware on Macs using osquery

Posted by Doug Wilson on 10/20/17 12:10 PM

There have been several instances in the past few months where malware has been introduced to OS X machines via “supply chain attacks”. This is where a vendor is tricked into distributing, or is compromised in such a way that, its legitimate software is either replaced by malware or includes malware in the distribution bundle.


Topics: osquery, macOS, malware

Uptycs Blog | Cloud Security Trends and Analysis

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you'll enjoy our blog enough to subscribe, share and comment.
