# macos
👋 hi all, I’m new to osquery and have recently come across a problem I was hoping it would solve, but am not sure it will. I am ultimately trying to keep a very close eye on our launchagents and daemons. I do see the launchd table has all the info from the plist, but for me to completely audit my environment I really need hashes of the binary the plist points to, because it is possible for an adversary to overwrite a launchd binary with malware. Assuming I don't have code execution on the host and am using something like fleetdm to submit queries, am I out of luck?
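
An added example, not part of the original post: one way to pair each launchd entry with the SHA-256 of the binary it points to, using osquery's `launchd` and `hash` tables in a single query that can be submitted remotely. It assumes the executable is `program` or, when that is empty, the first space-delimited token of `program_arguments`, so a path containing spaces will not resolve.

```sql
-- Added example: resolve each launchd job to its executable, then hash it.
WITH jobs AS (
  SELECT
    path AS plist_path,          -- the .plist file that defines the job
    label,
    username,
    run_at_load,
    CASE
      -- Prefer the explicit Program key when the plist sets it.
      WHEN COALESCE(program, '') != '' THEN program
      -- Otherwise take the first token of ProgramArguments (assumption:
      -- the executable path itself contains no spaces).
      ELSE substr(program_arguments, 1,
                  instr(program_arguments || ' ', ' ') - 1)
    END AS binary_path
  FROM launchd
)
SELECT
  j.plist_path,
  j.label,
  j.username,
  j.run_at_load,
  j.binary_path,
  h.sha256                       -- NULL when the file is missing or unreadable
FROM jobs j
LEFT JOIN hash h ON h.path = j.binary_path
WHERE j.binary_path != '';
```

Run as a scheduled query, the differential results show when a `binary_path` or its `sha256` changes for an existing label.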