Leveraging Osquery for DFIR at Scale

Venue: Ngee Ann Kongsi Auditorium | Time: 11:00 AM - 11:45 AM

An enterprise has a diverse environment (cloud instances, servers, workstations) in which it must try to detect potential security incidents. When an incident does occur, the ability of the incident response team to work quickly and at the necessary scale is imperative. After an initial compromise, attackers often move laterally through the environment, trying to establish a foothold and escalate privileges. While they try to remain stealthy, they almost always leave behind footprints. Detecting and analyzing these footprints quickly and accurately in order to scope the security incident is critical for any enterprise.

This talk will explore a scalable approach that relies on open source tools like OSQuery. The goal is to develop techniques that can be leveraged to quickly and easily investigate large groups of infrastructure components for initial triage and basic forensic analysis, and to help proactively detect threats.

Sohini Mukherjee

Sohini Mukherjee is a Security Researcher at Adobe. Sohini loves to hunt for bad guys. Sohini is GCIH, GCFA and GPEN certified and is a SANS/GIAC Advisory Board member.