Live Interrogation With Osquery presented at BSidesAugusta 2018

by Josh Brower

Summary: osquery is an open source endpoint visibility tool that lets you query a system as if it were a relational database. We will introduce osquery and then demonstrate how to use it to interrogate a suspect system. The focus will be on abnormal process attributes as well as common persistence techniques.
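As an added illustration (not material from the talk), the following queries show what "interrogating a system through SQL" looks like in osqueryi on a Linux host, covering the two themes the abstract names: process attributes that are out of the ordinary, and common persistence locations. The table and column names (processes, listening_ports, hash, crontab, authorized_keys, users) come from osquery's Linux schema; the path patterns and keyword filters are illustrative assumptions chosen for this example, not rules from the presentation.

```sql
-- Added example, not from the talk. Run interactively with osqueryi on Linux.
-- Table/column names are osquery's; the filters below are illustrative assumptions.

-- 1. Abnormal process attributes: processes whose executable has been deleted
--    from disk (on_disk = 0) or that run from a world-writable scratch directory.
--    The self-join shows the parent so an odd lineage (e.g. a shell spawned by a
--    daemon) is visible in the same row.
SELECT p.pid, p.name, p.path, p.cmdline, p.on_disk, pp.name AS parent_name
FROM processes p
LEFT JOIN processes pp ON p.parent = pp.pid
WHERE p.on_disk = 0
   OR p.path LIKE '/tmp/%'
   OR p.path LIKE '/dev/shm/%'
   OR p.path LIKE '/var/tmp/%';

-- 2. Listening processes with the binary that backs them and its sha256, which
--    can be checked against a known-good build or threat intelligence. The hash
--    table needs a path constraint; the join on p.path supplies it.
SELECT p.pid, p.name, p.path, l.port, l.protocol, l.address, h.sha256
FROM listening_ports l
JOIN processes p ON l.pid = p.pid
LEFT JOIN hash h ON h.path = p.path
WHERE l.port != 0
ORDER BY l.port;

-- 3. Persistence via cron: entries that download or decode content at run time.
SELECT path, command, minute, hour, day_of_month
FROM crontab
WHERE command LIKE '%curl%'
   OR command LIKE '%wget%'
   OR command LIKE '%base64%'
   OR command LIKE '%/tmp/%';

-- 4. Persistence via SSH: every authorized public key, joined to its owner so an
--    unexpected key in a service account's authorized_keys stands out.
SELECT u.username, a.key_file, a.algorithm, substr(a.key, 1, 40) AS key_prefix
FROM authorized_keys a
JOIN users u ON a.uid = u.uid;
```

Each query returns a point-in-time snapshot; re-running the process queries a few minutes apart, or scheduling them with osqueryd and diffing the results, is what turns this from a one-off look into live interrogation.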