Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

Osquery tutorial: Gathering software inventory

Osquery tutorial: Gathering software inventory

Gathering software inventory is an important part of security and systems management. There’s a good reason software inventory is No. 2 in the list of CIS Critical Controls!

macOS Bundlore: Is New Code Being Tested in Old Adware?

macOS Bundlore: Is New Code Being Tested in Old Adware?

macOS Bundlore is one of the most popular macOS adware installers. It either comes bundled with pirated applications, or from the web, prompting users to install or update Flash. Though the majority of browsers now have limited support for Flash, it is still a favorite mechanism for infecting systems. 

Deploying osquery for Windows Using GPO (Group Policy Objects)

Deploying osquery for Windows Using GPO (Group Policy Objects)

We are asked quite often if deploying the osquery agent is possible via Windows Group Policy Objects (GPOs). 

Checking MDS/Zombieload Mitigations on macOS with Osquery

Checking MDS/Zombieload Mitigations on macOS with Osquery

As a part of a pretty crazy week (Microsoft/RDS, Apple/Mojave/High Sierra, Adobe Acrobat/ Flash Player) when it comes to security updates, some new speculative execution vulnerabilities were disclosed and fixed.

Remote Desktop Vulnerabilities: Identifying the Exposure and Patch Using Osquery

Remote Desktop Vulnerabilities: Identifying the Exposure and Patch Using Osquery

[Updated March 11th] This article was written in May 2019 and updated in June 2019. We are updating it again, as CVE-2020-0796 is now public, and has not been patched yet.

CVE-2020-0796 is a remote code execution bug in Microsoft’s SMB (file sharing) server.

Expect attacks targeting this vulnerability soon. Use the queries in this article to find machines with port 445 exposed to the Internet.

The First Curated Osquery Resource Hub

The First Curated Osquery Resource Hub

Progress in open source projects thrives on the sharing of information. Yet even with the best of intentions, much of the learning can still be considered tribal knowledge, traded between small groups of closely connected individuals. While, the osquery project certainly isn’t immune to this, the community has absolutely benefited from a passionate and growing base of users, developers, contributors and tinkerers that are dedicated to documenting and sharing what they’ve learned.

Page 1 of 3: