2025-10-21, Schengen 1 & 2
In this workshop, participants will learn everything they need to know to install Kunai and start monitoring their Linux environment to spot attackers or simply for fun.
In the first part, we will cover all the essential information about Kunai. This will include a quick walkthrough of the Kunai documentation, explaining what participants can expect from this tool. Simultaneously, we will conduct exercises to help participants become familiar with the tool, its command line, and configuration file.
In the second part, we will run exercises showcasing more advanced Kunai usage. This will include building custom detection rules to detect specific anomalies or malware, learning how to load Indicators of Compromise (IoCs) into the detection engine, and how to integrate Kunai with your favorite MISP instance. If time allows, we will also cover additional advanced topics.
Part 1: Introduction to Kunai
- Essential Information: Cover all the essential information about Kunai.
- Documentation Walkthrough: Quick walkthrough of the Kunai documentation, explaining what participants can expect from this tool.
- Hands-on Exercises: Conduct exercises to help participants become familiar with the tool, its command line, and configuration file.
Part 2: Advanced Kunai Usage
- Custom Detection Rules: Building custom detection rules to detect specific anomalies or malware.
- Indicators of Compromise (IoCs): Learning how to load IoCs into the detection engine.
- Integration with MISP: How to integrate Kunai with your favorite MISP instance.
- Additional Topics: If time allows, we will also cover additional advanced topics.
Quentin worked as an incident responder for several years before focusing on endpoint threat detection. He has recently dedicated all his time to developing several open-source projects. His main topics of interest range from threat detection to bug hunting, but what he likes most is developing tools and open-sourcing them when he judges them relevant enough to do so.