osquery-extensions

osquery extensions by Trail of Bits

Results 18 osquery-extensions issues

My co-workers and I were talking today about how an nmap or nmap-like extension that could be used to perform ping sweeps and port scans could be very useful for...

help wanted

1) Our CI script will need to fetch osquery from the official osquery repo, in order to build our extensions. We should be able to test at least macOS and...

build
test

Should document how to run the tests.

documentation
test

Feature request for switching the clientMode between monitor and lockdown. This is done via .mobileconfig or plist conf change

santa

Implement a performance speedup on the new `santa_allowed` table using the constraints feature, such that the `santa_allowed` table can be queried faster using `WHERE` clauses. Example: https://github.com/facebook/osquery/blob/master/osquery/tables/system/darwin/signature.mm#L252 Reference: https://osquery.readthedocs.io/en/stable/development/creating-tables/

enhancement
santa

Differentiating between entries from renamed files and entries from deleted files in `ntfs_indx_data` table: > since directory indices are filename-based, renaming a file will in effect cause the old entry...

enhancement
ntfs_forensics

https://downloadcenter.intel.com/download/26755/INTEL-SA-00075-Detection-and-Mitigation-Tool https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

Hello All, I am currently working on fetching ntfs data and tried running extension using cmdline `osqueryi --disable_extensions=false --allow_unsafe --extension "C:\Program Files\osquery\extensions\trailofbits_osquery_extensions.ext.exe"`. I am facing the problem while executing above...