Osquery: What it is, how it works, and how to use it
Maintaining visibility into infrastructure and operating systems is critical for all organizations today—compliance, security, and your bottom line depend on it.
Addressing critical Windows DNS Server remote code execution vulnerability CVE-2020-1350
Microsoft released multiple security updates on Tuesday, July 14, including one for a remote code execution vulnerability in its DNS server.
Tagged as: osquery, Windows, threat management, user security, sql
Deploying osquery for Windows using GPO (Group Policy Objects)
We are asked quite often if deploying the osquery agent is possible via Windows Group Policy Objects (GPOs).
Tagged as: osquery tutorial, osquery, Windows
Remote desktop vulnerabilities: Identifying the exposure and patch using osquery
[Updated March 11th] This article was written in May 2019 and updated in June 2019. We are updating it again, as CVE-2020-0796 is now public, and has not been patched yet.
CVE-2020-0796 is a remote code execution bug in Microsoft’s SMB (file sharing) server.
Expect attacks targeting this vulnerability soon. Use the queries in this article to find machines with port 445 exposed to the Internet.
Tagged as: osquery tutorial, osquery, Windows
Windows registry and osquery: The easy way to ensure users are secured
The Windows registry is full of information and, with the proper tools, can be a gold mine for attackers and defenders alike. Attackers look for specific configurations, credentials, or any information that can help them further attack systems, while defenders can use the registry to ensure that settings are configured as expected. This is not always easy to do with standard Windows tools, or with the right level of performance. Fortunately, osquery solves that for us.
Tagged as: osquery tutorial, osquery, open-source, Windows