Windows Registry & Osquery: The Easy Way to Ensure Users are Secured

Posted by Guillaume Ross on 1/24/19 10:29 AM

The Windows registry is full of information, and with the proper tools, can be a gold mine for attackers and defenders alike. Attackers look to find specific configurations, credentials, or any information that can help them further attack systems, while defenders can use the registry to ensure that settings are configured as they are expected to. This is something that is not always easy to do with standard tools in Windows, or with the right level of performance. Fortunately, osquery solves that for us.

Read More

Topics: osquery, osquery tutorial, open-source, Windows

Free Osquery Training Course Now On-Demand

Posted by Doug Wilson on 10/18/18 8:35 AM

I’m excited to share that we have just released free online training to introduce you to osquery. Our goal was to combine quick setup and hands on labs with complete accessibility, so that anyone who wanted to give osquery a try, could.

Read More

Topics: open-source, osquery, osquery tutorial

Osquery In Action: Where and When to Apply "Threat Intel"

Posted by Doug Wilson on 6/14/18 3:55 PM
Read More

Topics: osquery, osquery tutorial

SQL introduction for osquery

Posted by Doug Wilson on 4/12/18 7:39 AM

SQL (Standard Query Language) will be in its mid-forties later this month having been introduced by its creators Donald Chamberlin and Raymond Boyce in the 1970s. Given its age, it isn’t so hard to understand how the 2017 Stack Overflow Developers Survey uncovered that SQL is the second-most common programming language, used by 50% of developers and beaten only by JavaScript. 

Read More

Topics: video, osquery tutorial, osquery

6 Tasks for Basic macOS system monitoring with osquery [Video]

Posted by Doug Wilson on 3/29/18 9:45 AM

Osquery offers introspection capabilities for macOS that were previously difficult to achieve. Osquery uses a universal agent to collect and return a nearly unlimited amount of endpoint data that can then be queried like a database using SQL. For macOS system administrators, this opens up a world of quickly accessible system monitoring capabilities that we'll explore here today.    

In this post and video (click here to skip ahead to the video), we'll review some of the basic tasks for macOS system monitoring with osquery (osquery can be used for Linux and Windows as well, but because macOS was previously so underserved, I'm focusing there. Most commands we'll review will be the same or similar for other systems).

What we'll cover: 

Read More

Topics: macOS, osquery tutorial, video, osquery

How to unistall osquery from macOS in 4 steps [Video]

Posted by Doug Wilson on 3/22/18 9:52 AM
Need to manually uninstall osquery on macOS? If you no longer want to use osquery on your Mac, or if you need to manually clear out the installation because you're having problems with the end-point and you want to reinstall from scratch, follow the four steps outlined below. We've also included the terminal command in text format so you can easily copy and paste. 
 
Prefer video? Click here to skip ahead to a ~3 minute video and all commands required to uninstall osquery from your macos using Uptycs.
Read More

Topics: osquery, osquery tutorial, macOS

Finding browser extensions in osquery [with Video]

Posted by Doug Wilson on 7/19/17 8:01 PM

There have been several cases in the past year of major software vendors inadvertently introducing vulnerabilities through browser extensions. Last August, it was reported that 4.7M Chrome users were at risk due to malicious code injected into eight different Chrome extensions. This past November, Cisco's Webex extension - a widely adopted video conferencing platform - was found to have multiple vulnerabilities. 

Read More

Topics: osquery, osquery tutorial, video

Wildcards and globbing in osquery

Posted by Milan Shah on 5/18/17 7:49 PM

Filepath globbing (filename patterns with wildcards) support in osquery has regularly been a source of confusion, frustration, and lost time. You can certainly explore the wildcarding system in these osquery docs, but it is hoped that the notes below will help shed light on how globbing in osquery actually works to help save you some grief.

Read More

Topics: osquery, osquery tutorial

All posts

Uptycs Blog | Cloud Security Trends and Analysis

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you'll enjoy our blog enough to subscribe, share and comment.

Subscribe for New Posts

Find Uptycs Everywhere

Recommended Reads