Kunai: your new Threat Hunting tool for Linux

  • 10-16, 15:30–16:00, Salle Europe
  • 10-19, 17:15–17:45, Salle Europe

All times in Europe/Luxembourg

Linux is an open-source OS; however, performing Threat Hunting on Linux using open-source software (OSS) is not easy, as only a few tools are available and maintained. A port of the well-known Sysmon tool, originally developed for MS Windows, has been made for Linux, but it suffers from several issues. In this presentation, I will introduce a brand-new open-source tool I have been working on for several months. This tool aims to be a Sysmon alternative for Linux and provides several features that Sysmon does not offer.

This presentation aims to introduce the community to Kunai, a new Threat Hunting tool designed specifically for Linux Systems.

I'll start by discussing the project's origin and my motivations for initiating it, followed by an exploration of the tool's inner workings and implementation details. This section will conclude with an overview of the challenges encountered during the tool's development.

Next, I will highlight its key features, emphasizing how it differs from existing tools. The latter part of this section will explore practical Threat Hunting scenarios that can be realized with the tool.

In conclusion, I will summarize the key takeaways from this tool and share our future plans for its development.

Quentin has been working as an incident responder for several years before focusing on endpoint threat detection. He recently dedicated all his time developing several open-source projects. His main topics of interest are ranging from threat detection to bug hunting but what he likes the most is to develop tools and open-source them when he judges it is relevant enough to do so.

This speaker also appears in: