Join us for a 2-day osquery conference at Convene at 32 Old Slip, New York, NY 10005 focused on bringing security, devops, macadmins, and other experts in the Osquery community together. QueryCon is now in its second year, with its new host Trail of Bits and a new location in New York City.
Following last year’s format, there will be a single speaking track, and a community workshop.
Registration grants you full access to our two-day single track conference, packed with osquery experts, leaders, major open-source contributors, and community members.Learn More
After a long day of talks, spend time imbibing with osquery leaders, contributors, speakers, and other conference goers at this attendee-only networking event. Drinks and delicious food are on us!Learn More
Inspired by the talks? The community workshop lets you put your ideas into action in a communal setting where you can get hands-on experience guided by experts, collaborate on issues, and network with community members.Learn More
QueryCon19 will be held at the Convene, in downtown Manhattan, just steps from Wall Street and the New York Stock Exchange.
Facebook's Osquery is a Linux and OS X intrusion detection and response tool. It supports 10 OS flavors and is continuously built for 8 of those. It is very important that the infrastructure used to test, build, and publish security software be secure itself. This discussion presents how our Security team has enabled any Github contributor to submit C/C++/bash code to our CI and build server, safely. We will guide the audience through our CI hardening process and the attack and vulnerability reports we have received through our bug bounty targeting CI. This includes isolating a Mac Mini fleet of build slaves, not trusting Jenkins as much as possible, automatically building, signing, and publishing packages to AWS S3, doing the same for OS X kernel extension code, adding 2-factor to everything.