2026-05-06, Workshops May 6th (C1.03.06)
Get hands-on with Kunai in this practical workshop! You'll learn to deploy and configure this Linux monitoring tool, then dive into advanced threat detection techniques. We'll start with the basics (installation, configuration, and core functionality) before moving on to advanced topics such as custom rule creation, IoC integration, and MISP connectivity. Whether you're securing production systems or just exploring Linux security monitoring, this workshop will give you practical skills to detect and investigate threats.
Part 1: Kunai Fundamentals
- Quick Start: Get Kunai up and running on your system
- Core Concepts: Understand Kunai's architecture and monitoring capabilities
- Hands-on Basics: Navigate the CLI, configure monitoring, and interpret events
Part 2: Advanced Threat Detection
- Custom Rules: Write detection rules for specific threats and anomalies
- IoC Integration: Load and leverage Indicators of Compromise
- MISP Connectivity: Enhance your threat intelligence with MISP integration
- Real-world Scenarios: Apply Kunai to actual threat detection challenges
Part 3: Bonus Topics (time permitting)
- Using Kunai sandbox to share traces
- Creating detection rules for specific malware
Quentin is a Rust developer at CIRCL. Drawing on his background in incident response and threat detection, he develops open-source security tools to solve practical problems. His main interests include threat detection, bug hunting, and building tools that help the security community.