Josh Brower (@DefensiveDepth)

Osquery is an open-source endpoint visibility tool that lets you query your system as if it were a relational database. We will introduce osquery and then demonstrate how to use it to interrogate a suspect system. The focus will be on abnormal process attributes as well as common persistence techniques.
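As an added illustration (not taken from the talk itself), the queries below show the kind of interrogation the abstract describes: two checks for abnormal process attributes and two for common persistence locations. They assume a Linux or macOS host and are meant to be typed into `osqueryi`; the tables used (`processes`, `users`, `listening_ports`, `crontab`, `startup_items`) are part of the standard osquery schema.

```sql
-- Abnormal process attribute 1: a running process whose executable
-- has been removed from disk (on_disk = 0; -1 means "unknown").
SELECT p.pid,
       p.name,
       p.path,
       p.cmdline,
       p.parent,
       u.username,
       datetime(p.start_time, 'unixepoch') AS started_utc
FROM processes AS p
LEFT JOIN users AS u ON u.uid = p.uid
WHERE p.on_disk = 0;

-- Abnormal process attribute 2: processes listening on a non-loopback
-- address, with the binary path so unexpected listeners stand out.
SELECT DISTINCT p.pid,
       p.name,
       p.path,
       lp.address,
       lp.port,
       lp.protocol
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
WHERE lp.port != 0
  AND lp.address NOT IN ('127.0.0.1', '::1')
ORDER BY lp.port;

-- Persistence 1: scheduled jobs from every crontab osquery can read.
SELECT path AS crontab_file,
       minute, hour, day_of_month, month, day_of_week,
       command
FROM crontab;

-- Persistence 2: items configured to start at boot or login.
SELECT name, path, args, type, source, status, username
FROM startup_items;
```

Any row returned by the first query deserves a closer look at the parent process and start time, since legitimate software rarely keeps running after its binary is deleted outside of an upgrade.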