iOS analysis using the Sysdiagnose analysis framework workshop - advanced session
2025-10-23, Schengen 1 & 2

This is the second part, a deep dive, of the Sysdiagnose Analysis Framework Workshop.

We will continue with the topics covered in the first workshop, but here the focus is on digging deep into the large amount of data present in a sysdiagnose archive.
Please only attend this workshop if you attended a previous year's session or this year's beginners session, or have already used the sysdiagnose analysis framework.

We will get our hands dirty with advanced Splunk queries, digging into the data to better understand what is in the sysdiagnose archive.

We will also develop a parser and/or analyser for the sysdiagnose analysis framework.

Prerequisites for attending the workshop are:
- Having downloaded the workshop material beforehand, prepared the Splunk Docker container, and set up a Python development environment
- Solid experience with the Splunk query language (SPL)
- Solid experience with grep, sed, awk and jq (or their alternatives)
- Experience with development in Python
- Familiarity with the sysdiagnose analysis framework

In addition to providing his services as an independent cybersecurity expert, Christophe actively serves as a Belgian Cyber Reservist and contributes significantly to open-source projects. He is the founder of the MISP Threat Sharing Platform. His contributions to the community also include the creation of MISP-maltego and pystemon, the active development of the sysdiagnose framework, as well as his previous involvement in organizing the FOSDEM conference.
When not immersed in the world of cybersecurity, Christophe enjoys outdoor pursuits such as hiking, climbing, mountaineering, and sailing, finding solace in the beauty of nature.
