Yeet the leet with Osquery (Effective Threat Hunting Without Breaking Bank)
2021-08-06, 09:30–10:30, Main Track

This talk will show the audience how they can use Osquery to complement the functionality of EDR/MDR/XDR systems to improve overall security on endpoints.
After introducing the audience to Osquery, what it is and what it can be used for, I'll introduce two C2 frameworks that can be found on GitHub and elsewhere. Payloads generated by those frameworks will be used throughout the talk as examples to show the power of Osquery and how it can be used to detect those payloads and their actions. Combined with an intro to reverse shells and how to detect them, you should have an idea of how you can start using Osquery in your own environment.

By the end of the talk, I'll give you a quick introduction on how you can set up alerting pipelines to empower yourself and/or your Security Operations team. I'll show some examples using Splunk and Elasticsearch.

Sebastiaan is the Lead Security Engineer at Beacon and has worked in information security across both offensive and defensive domains. He specializes in protecting business-critical assets by applying technology in creative ways and is particularly interested in Threat Hunting in Zero Trust Environments. In his free time, he enjoys the gym, tries to hone his infosec knives, and tries to visit as many countries as possible. He has previously given talks at SHA2017 and BsidesNCL 2019.