# general
b
Hello, I am new to osquery and have installed it to solve my own problem. I've been ratted recently, which AVs are not detecting. Basically someone is remotely connected to my laptop. I am learning osquery to solve this problem. Please let me know if you can suggest tools/tips to help me. Many thanks
t
Hi Bala, sorry to hear about that. I do not think osquery is going to solve this problem for you.
b
Hi Ted, Any suggestions to overcome this problem? I understand it is out of scope from this group's perspective. But if you have any suggestions please let me know. Thanks
m
If macOS or Linux, you could try the `last` table to check if there have been logins at suspicious times, or `logon_sessions` on Windows to see if there are other users connected. There is also the `listening_ports` table which you could check for unknown or suspicious processes (although malware doesn't need to do this for an attacker to connect, so you can also check `process_open_sockets`).
b
Thanks a lot @Mike Myers. Will try these options. Yes, it's a MacBook.