Detecting Malicious Packages in Repositories like PyPI: Using Osquery for Complete Software Inventory
Many systems make installing third-party software incredibly convenient, from packaging systems and well-loved Linux distribution tools like Debian Apt to app stores and per-language repositories. Users are also often allowed to install browser extensions or plugins, which come from their own “store” and are just another type of ...
Checking MDS/Zombieload Mitigations on macOS with Osquery
As a part of a pretty crazy week (Microsoft/RDS, Apple/Mojave/High Sierra, Adobe Acrobat/Flash Player) when it comes to security updates, some new speculative execution vulnerabilities were disclosed and fixed ...
Remote Desktop Vulnerabilities: Identifying the Exposure and Patch Using Osquery
[Updated June 5th] Patching for the CVE (CVE-2019-0708) vulnerability (referred to as BlueKeep) appears to have been slow, according to Rob Graham among others. One security expert, Ryan McGeehan (@Magoo), has experience in modeling vulnerability exploit probability and has done just that with the BlueKeep security flaw. His concerning summary ...
Windows Registry & Osquery: The Easy Way to Ensure Users are Secured
The Windows registry is full of information, and with the proper tools, can be a gold mine for attackers and defenders alike. Attackers look to find specific configurations, credentials, or any information that can help them further attack systems, while defenders can use the registry to ensure that settings are ...
One Year Later: Ensuring Windows is Protected from Meltdown+Spectre
2018: The year of speculative execution bugs. A year ago, in January 2018, three hardware vulnerabilities known as Meltdown, Spectre Variant 1, and Spectre Variant 2 were disclosed to the public. Although disclosure was supposed to occur on January 9, news outlets found updates in the Linux Kernel and broke ...
Hunting for Evil Launch Daemons – Identifying Suspicious Behavior with Osquery
Last week, Malwarebytes posted an article highlighting new malware discovered by John Lambert (Microsoft), Patrick Wardle (Objective-See and Digita Security) and Adam Thomas (Malwarebytes), and sure enough, persistence using launchd is still a common thing ...
Vulnerabilities in SSD Encryption: Using osquery to Identify Vulnerable Windows Machines
Dark Reading and Forbes, among various other sources, have recently reported that Windows computers using the hardware encryption feature of many different types of solid-state drives (SSDs) are vulnerable to attacks that defeat it completely. These vulnerabilities, discovered by Radboud University researchers Carlo Meijer and Bernard van Gastel, affect multiple ...