* Cantinho Satkeys

Refresh History
  • j.s.: tenham um bom domingo  4tj97u<z
    05 de Julho de 2026, 09:39
  • j.s.: ghyt74 a todos  49E09B4F
    05 de Julho de 2026, 09:38
  • JP: try65hytr Pessoal  4tj97u<z 2dgh8i k7y8j0 r4v8p xe4s
    03 de Julho de 2026, 04:43
  • cereal killa: try65hytr pessoal,esta calor do karago  r4v8p 43e5r6
    01 de Julho de 2026, 22:01
  • j.s.: try65hytr a todos  49E09B4F
    30 de Junho de 2026, 21:02
  • JP: try65hytr Pessoal  4tj97u<z  2dgh8i k7y8j0 r4v8p
    30 de Junho de 2026, 05:31
  • JP: try65hytr Pessoal  4tj97u<z 2dgh8i k7y8j0 classic
    26 de Junho de 2026, 05:05
  • cereal killa: ghyt74 e continuaçao bom sao joao  wwd46l0'
    24 de Junho de 2026, 12:16
  • JP: try65hytr Pessoal  4tj97u<z 2dgh8i k7y8j0 xe4s
    24 de Junho de 2026, 04:05
  • FELISCUNHA: ghyt74   4tj97u<z e bom São João  h7i37
    23 de Junho de 2026, 10:55
  • j.s.: dgtgtr a todos  49E09B4F
    20 de Junho de 2026, 15:51
  • FELISCUNHA: ghyt74   49E09B4F  e bom fim de semana  4tj97u<z
    20 de Junho de 2026, 11:31
  • JP: try65hytr Pessoal  4tj97u<z 2dgh8i k7y8j0
    19 de Junho de 2026, 04:41
  • romi: Beleza
    19 de Junho de 2026, 04:28
  • cereal killa: try65hytr pessoal  2dgh8i
    18 de Junho de 2026, 23:28
  • JP: dgtgtr Pessoal  2dgh8i k7y8j0 r4v8p
    18 de Junho de 2026, 19:48
  • joaozinho_bosco: boas tardes.......há quanto tempo
    18 de Junho de 2026, 14:35
  • j.s.: dgtgtr a todos  49E09B4F
    16 de Junho de 2026, 18:24
  • JP: try65hytr Pessoal  2dgh8i k7y8j0 classic
    16 de Junho de 2026, 05:44
  • j.s.: bom fim de semana  4tj97u<z
    13 de Junho de 2026, 11:23

Autor Tópico: Osquery for Security Analysis  (Lida 375 vezes)

0 Membros e 1 Visitante estão a ver este tópico.

Offline mitsumi

  • Sub-Administrador
  • ****
  • Mensagens: 134140
  • Karma: +0/-0
Osquery for Security Analysis
« em: 01 de Maio de 2021, 17:11 »
MP4 | Video: h264, 1152x720 | Audio: AAC, 48000 Hz, 2 Ch
Language: English | Size: 1.07 GB | Duration: 5h 14m


Osquery for Security Analysis will teach you how to use Osquery to perform thorough investigations of hosts on your network. This isn't just an Osquery tutorial, it's a course designed to help you improve your host-based investigation skills using one of the best tools for the job.

A production server that doesn't normally communicate over the internet is exhibiting suspicious characteristics. It's sending out weird bursts of network traffic to an external host you don't know anything about. The traffic is encrypted, so network data won't be helpful. You have to rely exclusively on host-based evidence to figure out what's happening.

Now be completely honest with yourself. Would you be able to come to a conclusion about whether an attack has occurred? Would you be able to do it quickly? Would you be 100% certain about your determination?

If you answered no to any of those, then you aren't alone. The truth is, investigating things on the host is overwhelming. There are so many places to look: the registry, prefetch, disk artifacts, operating system logs...the list goes on.

The problem isn't just the number of rabbit holes, its that each one requires a different tool to access and parse the data. A question as simple as "Did the malware execute after it was downloaded?" might require a combination of a dozen complicated and unmaintained open sources tools or a pricey commercial solution.

You'll learn:

How to craft SQL queries to interrogate Windows, Linux, and MacOS hosts
Common queries for performing software inventory and asset control
Strategies for interrogating processes to determine if they are malicious
Techniques for uncovering persistence and lateral movement
Triaging suspicious systems using high-value data tables
Hunting leveraging MITRE ATT&CK techniques
Complete deployment of distributed Osquery across your network using Kolide Fleet and ElasticStack
How to leverage differential queries to monitor state changes and generate alerts
Extending Osquery with extensions


Download link:
Só visivel para registados e com resposta ao tópico.

Only visible to registered and with a reply to the topic.

Links are Interchangeable - No Password - Single Extraction