Kunai: An Open-Source Threat-Detection Tool for Linux
2024-10-10, 15:00–15:30 (Europe/Luxembourg), Room C1.03.05

In a landscape where cyber threats continue to grow in volume, many organizations using Linux systems still lack effective tools for robust security monitoring. Kunai is a threat hunting and detection tool specifically designed to address this gap. This talk will provide a high-level overview of Kunai’s development, key features, and practical applications, demonstrating how it enables organizations of any size to better understand and respond to potential threats. We will emphasize the open-source aspects of the tool, including its pluggability with existing OSS (Open Source Software). Whether you're in IT or simply interested in cybersecurity, this session will provide valuable insights into how Kunai is reshaping threat detection and security monitoring on Linux systems.
This session introduces Kunai, a threat hunting and detection tool specifically designed for Linux systems, addressing the critical need for effective security monitoring. Kunai has been developed over nearly two years to fill the gaps left by traditional security solutions. The talk begins with an introduction to the project, outlining its history and highlighting the key differences between Kunai, classical antivirus software, and performance monitoring tools. We will also discuss the core principles behind Kunai's development, including its pluggability with other open-source software (OSS) projects, comprehensive documentation, and community-driven approach.

In the second part, we’ll explore Kunai’s features, focusing on its Linux container monitoring capabilities, event correlation, and self-protection features. We’ll also discuss how Kunai integrates with other OSS tools, further enhancing its utility in diverse environments.

The third section of the talk delves into practical use cases, showcasing Kunai’s real-time threat detection capabilities through a custom rule engine and Indicator of Compromise (IoC)-based detection. Additionally, we’ll explore how Kunai serves as a valuable resource for digital forensic investigations, emphasizing its fine-grained event filtering for detailed analysis.

The session will conclude with a discussion on future developments for Kunai and a broader look at how it continues to reshape threat detection and security monitoring on Linux systems. This talk is designed to be accessible to a wide audience, providing key insights for anyone interested in cybersecurity, especially within Linux environments.

After spending almost a decade working as an incident responder for a big European institution, I recently joined the Computer Incident Response Center Luxembourg (CIRCL) as a developer. My development projects focus on endpoint monitoring and threat detection, mostly to provide open-source alternatives to paid solutions.

Topics of interest: programming, detection engineering, threat-hunting, bug hunting (when I have time)