Hey all! Anyone doing anything cool for monitoring data exfiltration?
Maksym Varnakov
11/15/2022, 10:19 AM
Hi, not directly related to your question, but this article was pretty interesting to me: https://clo.ng/blog/osquery_reverse_shell/
Also, evented tables like process_events or socket_events are my favorite ways to track suspicious outbound connections or processes that run for a very short time and can't be detected using something like "ps" or "netstat" commands.