Overview
Explore advanced techniques for expanding Osquery's capabilities and enhancing Windows visibility in this 47-minute conference talk from Ekoparty 2023. Delve into creative solutions for addressing missing Windows visibility in Osquery, including reverse-engineering secedit.exe to gain insights into obscure security policies. Learn how implementing ETW tracing can provide event-driven insights into Windows subsystems. Discover practical approaches to extend Osquery's reach and achieve deeper visibility into Windows environments. Presented by Marcos Oviedo from BlueSpace, this talk offers valuable insights for security professionals and system administrators looking to improve their Windows monitoring capabilities.
Syllabus
Reverse Engineering for Enhanced Windows Visibility - Marcos Oviedo // BlueSpace - Ekoparty 2023
Taught by
Ekoparty Security Conference