Name: Breach -> ATT&CK -> Osquery - Learning from breach reports to improve endpoint monitoring
Start: 2019-07-10T10:45:00-0400
End: 2019-07-10T12:00:00-0400

MacAdmins is the premier East Coast conference for anyone who deploys and manages Macs and iOS devices. We are featuring 69 sessions and seven workshops with top notch speakers in the macOS and iOS deployment community. MacAdmins offers an incredible level of expertise, value, entertainment, and a great opportunity to network with your fellow admins! Visit our website.

Back To Schedule

Breach -> ATT&CK -> Osquery - Learning from breach reports to improve endpoint monitoring

Large breaches like SingHealth's resulted in detailed public reports.
Using those, we will map portions of the attacks to ATT&CK, then see how to monitor for them using qsquery.
Though most of these public reports address breaches that touched Windows environments, we will translate the Windowsness into "what would that same technique look like on Mac?".

See a full description about this session on our website

Speakers

Guillaume Ross

Principal Security Researcher, Uptycs

Guillaume is a security consultant, working for his company, Caffeine Security, responsible for providing Information Security Program development, security architecture, incident response and other services.With a background in IT and Security Architecture, he advises clients on... Read More →

Wednesday July 10, 2019 10:45am - 12:00pm EDT
208 215 Innovation Boulevard, State College, PA 16803

Security Fundamental

Feedback Link bit.ly/psumac2019-341

MacAdmins Conference 2019 at Penn State

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Guillaume Ross