Hello, I am new to osquery and have installed it to solve my own problem. I've been ratted recently which AVs are not detecting. Basically someone is remotely connected to my laptop. I am learning osquery to solve this problem. Please let me know if you can suggest tools/tips to help me. Many thanks
Hi Bala, sorry to hear about that. I do not think osquery is going to solve this problem for you.
Hi Ted, any suggestions to overcome this problem? I understand it is out of scope from this group's perspective. But if you have any suggestions, please let me know. Thanks
If macOS or Linux, you could try the
table to check if there have been logins at suspicious times, or
on Windows to see if there are other users connected. There is also the
table which you could check for unknown or suspicious processes (although malware doesn't need to do this for an attacker to connect, so you can also check
Thanks a lot @Mike Myers. Will try these options. Yes, it's a MacBook.
