2024-07-05, 09:00–12:00 (Europe/Paris), Workshop room 2
Join us for an immersive hands-on workshop where we'll delve into Kunai, a specialized threat detection and hunting tool tailored for Linux environments. Participants will explore its evolution, core principles, and latest features, including its integration with MISP and its detection rules engine, through practical, real-world use cases. With guided exercises, attendees will learn to leverage Kunai to improve the visibility of their Linux machines, empowering them to identify and mitigate threats effectively.
Kunai is a relatively new open-source security monitoring/threat detection tool, born from the lack of diversity in such tools and fueled by the frustration caused by the Sysmon for Linux release. It incorporates the nicest features found in Sysmon while also striving to introduce more powerful ones such as IoC matching and configuration through detection/filtering rules.
In this workshop, you will learn:
- the foundations you will need to get the most out of Kunai
- how to configure Kunai to match IoCs against a MISP instance in real time
- how to create custom detection rules (to catch malware) and filtering rules (to log context)
Stable Workshop: for people with x86_64-based CPUs, all the materials will be provided in the form of a Virtual Machine.
- Preferred virtualization software: VirtualBox, since the VM will be delivered as a VDI image
- Minimal amount of RAM: 8 GB
Beta Workshop: for people using ARM-based CPUs, you'll need to prepare your setup yourself:
1. create a VM with the latest Ubuntu
2. download the Kunai release compiled for your architecture and try to run it on the VM. If it works, you are ready.
3. all other materials will be made available at workshop time
After spending almost a decade working as an incident responder for a big European institution, I recently joined CIRCL as a developer. My development projects focus on endpoint monitoring and threat detection, mostly to provide open-source alternatives to paid solutions.
Topics of interest: programming, detection engineering, threat-hunting, bug hunting (when I have time)