Channels
#fleet
Title
# fleet
k
Kathy Satterlee
08/11/2022, 4:15 PMHere are the Workshop notes:
https://docs.google.com/document/d/1AQtsxt6PKykaspivzcPGW05eX6q5lsDwEeTZNKahThQ/edit
g
Guillaume
08/11/2022, 4:18 PMgit clone -b defcon <https://github.com/ksatter/fleet-docker.git>k
Kathy Satterlee
08/11/2022, 4:30 PMLink to Google Drive: https://drive.google.com/drive/u/0/folders/1yg2ijwcSWRwDVvA0Byy8oAPTKhRAImqa
g
Guillaume
08/11/2022, 4:46 PMThe password for the Workshop instance is :
DEFCON2022workshop!k
Kathy Satterlee
08/11/2022, 5:14 PMg
Guillaume
08/11/2022, 6:32 PMIf you want to set up your VULN automations, use this webhook -> https://rustling-snow-6608.tines.com/webhook/0fe6acf0c2b62cdf527eeffdbcefb7a3/1ebd48b0aa19e1954791e30eda28eb69
YARA example query:
Copy code
sql
SELECT * FROM yara WHERE path like ‘/root/%%’ AND sigrule IN (
‘rule eicar {
strings:
$s1 = “X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*” fullword ascii
condition:
all of them
}’
) AND matches=‘eicar’;12 Views