Security BSides London, the UK’s biggest community-driven infosec conference is happy to announce its 8th iteration open to all regardless of background, skill level, income or job-title.  
  • Doors to the main event open at 8.30am with talks starting at 9am on 5 June 2019
  • Workshops will be held on 4 June 2018 starting at 10am; Pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here
Back To Schedule
Tuesday, June 4 • 12:15 - 16:15
Linux threat hunting with OSQuery

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

In this workshop we’ll guide you through the basics of OSQuery and Linux threathunting. With interactive labs we’ll explore the capabilities provided by OSQuery to hunt for common techniques used by Linux Malware and threat actors.

We’ll discuss the techniques used and then move to our Labs with real threat scenarios to gain practical experience driving OSQuery and finding some Linux based threats.

What you need to bring:
- Working knowledge of the Linux shell and basic SQL (no OSQuery experience required),
- a Laptop with a SSH client. 


Craig Jones

Senior Manager - Security Engineering, Sophos
 Craig is Senior Manager of Security Engineering in Sophos, responsible for detection engineering, IR and security infrastructure.​@albanwr​​​

Stephen O’Leary

Senior Security Engineer, Sophos
Senior Information Security Engineer at Sophos working mostly with Splunk these days but spent over 5 years as a SQL Server DBA in a previous role at Sophos.  His efforts focus on using data from various sources to assist in not only improving the detection capability, but also asset... Read More →

Dave Davison

Red Team Lead, Sophos

Tuesday June 4, 2019 12:15 - 16:15 BST
Track 3 ILEC Conference Centre 47 Lillie Road London SW6 1UD