Evil.Plumbing

A landing page for a conference talk, or an excuse to buy a cool domain?

Schedule

BsidesSF Workshop - Saturday - March 2 - 9:00

Action Needed

Bring at least one Mac or Linux system with osquery, see downloads below.
Bring an SSH client.
Bring an RDP client.

Other Resources

A private channel has been created for the workshop on the BsidesSF Slack. DM me there to get added. We may use it to copy/paste queries, etc.

Downloads

A Ubuntu VM with osquery pre-installed. sha256: bd5d2e5b53a0f82ab0f9e3d205c162ddaa924bf6e06c3f1bc038036e827441f2

You can also simply install any Ubuntu above 16.04 and manually download and install the osquery Debian package.

SSH access to VMs will be provided during workshop, but please do not assume the Wi-Fi will be usable and ensure you have at least one offline option even if it's just osquery directly on your Mac!

osquery downloads for Mac and Linux (Do not use MSI for Windows)

Ubuntu: dpkg -i filename.deb

Mac: Install Package

Chocolatey Package Manager for Windows - if you bring a Windows VM

Windows: choco install osquery

Testing

Mac/Linux: Run osqueryi in a shell. It should be in your path.
In osqueryi, run select * from uptime;

Windows: Run osqueryi from C:\programdata\osquery - it will NOT be in your path.
In osqueryi, run select * from uptime;

Authors and Contributors

Guillaume Ross - @gepeto42

Evil Dot Plumbing