Quentin JEROME
Quentin worked as an incident responder for several years before focusing on endpoint threat detection. He recently dedicated all his time to developing several open-source projects. His main topics of interest range from threat detection to bug hunting, but what he likes most is developing tools and open-sourcing them when he judges it relevant enough to do so.
Session
In this workshop, participants will learn everything they need to know to install Kunai and start monitoring their Linux environment to spot attackers or simply for fun.
In the first part, we will cover all the essential information about Kunai. This will include a quick walkthrough of the Kunai documentation, explaining what participants can expect from this tool. Alongside this, we will conduct exercises to help participants become familiar with the tool, its command line, and its configuration file.
In the second part, we will run exercises showcasing more advanced Kunai usage. This will include building custom detection rules to detect specific anomalies or malware, learning how to load Indicators of Compromise (IoCs) into the detection engine, and how to integrate Kunai with your favorite MISP instance. If time allows, we will also cover additional advanced topics.