https://github.com/osquery/osquery logo
Title
b

Brandon Mesa

11/14/2022, 4:37 PM
Hey all! anyone doing anything cool for monitoring data exfiltration?
m

Maksym Varnakov

11/15/2022, 10:19 AM
Hi, not directly related to your question, but this article was pretty interesting for me https://clo.ng/blog/osquery_reverse_shell/ Also, evented tables like process_events or socket_events are my favorite ways to track suspicious outbound connections or processes that run for a very short time and can't be detected using something like "ps" or "netstat" commands.