home.social

#osquery — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #osquery, aggregated by home.social.

  1. Memory analysis for #Linux has always been a bit hit-or-miss. Trail of Bits has released a tool called #mquire that doesn't require debug symbols for the originating kernel.

    It also uses SQL-based queries to perform analysis, similar to #OSquery.

    blog.trailofbits.com/2026/02/2

    #MemoryForensics #IncidentResponse #DFIR #DigitalForensics

  2. #osquery defense kit v1.6.0 just dropped with some new #blueteam queries: github.com/chainguard-dev/osqu

    - unencrypted #GCP service account keys
    - unexpected #sysctl calls
    - unexpected #xattr calls
    - unexpected file made #executable
    - unexpected Security.Framework program

    If nothing else, I hope the queries are useful ideas for others! Have a great weekend. 🌴