2024-07-04, 09:10–09:30 (Europe/Paris), Amphitheater
In this talk, we'll delve into the evolution and foundational principles of Kunai, a specialized threat detection and hunting tool crafted for Linux environments. We'll revisit its core objectives while unveiling its latest features, including its integration with MISP and its detection rules engine, demonstrating how Kunai enhances daily Linux machine monitoring. Through practical demonstrations and real-world examples, attendees will learn how to leverage Kunai's capabilities to reinforce the security of Linux infrastructures against ever-evolving cyber threats.
After having spent almost a decade working as an incident responder for a big European Institution, I recently joined CIRCL as a developer. My development projects focus on endpoint monitoring and threat detection, mostly to provide open-source alternatives to paid solutions.
Topics of interest: programming, detection engineering, threat-hunting, bug hunting (when I have time)