Quentin JEROME
Quentin is a Rust developer at CIRCL. Inspired by his background in incident response and threat detection, he develops open-source security tools to solve practical problems. His main interests include threat detection, bug hunting, and building tools that help the security community.
Sessions
Get hands-on with Kunai in this practical workshop! You'll learn to deploy and configure this Linux monitoring tool, then dive into advanced threat detection techniques. We'll start with the basics - installation, configuration, and core functionality - before moving to advanced topics like custom rule creation, IoC integration, and MISP connectivity. Whether you're securing production systems or just exploring Linux security monitoring, this workshop will give you practical skills to detect and investigate threats.
File identification has been a long-standing problem in software development, traditionally relying on legacy C code embedded within memory-safe applications. Magic-rs is a Rust ecosystem providing near-full compatibility with libmagic's file type detection while eliminating unsafe code. The ecosystem includes Python bindings and a CLI utility called wiza that we will demonstrate. We'll explore key advantages, architecture, and how you can use it in your projects or contribute to improving libmagic compatibility.
This talk explores Kunai, an open-source security monitoring tool that brings threat-detection capabilities to Linux systems using eBPF technology. We begin with an overview of Kunai's purpose, architecture, and core monitoring capabilities. The session then dives into recent advancements, highlighting key features and improvements. Finally, we examine practical use cases in threat detection, incident response, and digital forensic analysis, demonstrating how Kunai enhances cyber incident investigations.