“consider JOINing against the users table”
osquery> select * from shell_history WHERE shell_history.uid IN (SELECT uid from users);
Who has stored the SSH private keys on the machine?
osquery> select * from shell_history WHERE shell_history.uid IN (SELECT uid from users) and shell_history.command like '%rsa%';
The path of the running FTP service daemon.
osquery> select path from processes where name='vsftpd';
The complete path of a specific binary run as root.
osquery> select * from shell_history WHERE shell_history.uid IN (SELECT uid from users) and shell_history.command like '%sudo%';
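The JOIN form that the hint quoted at the top refers to, as an added example (not from the original post). It assumes the standard osquery tables users, shell_history, user_ssh_keys and processes, and returns the account name next to each result instead of only the uid:

```sql
-- Shell history with the owning account named on every row.
-- shell_history needs a uid constraint; joining on users supplies one
-- per account, so every readable history file is covered rather than
-- only that of the user running osqueryi.
SELECT u.username, u.uid, sh.history_file, sh.command
FROM users u
JOIN shell_history sh USING (uid)
WHERE sh.command LIKE '%rsa%';

-- Private keys present in each user's ~/.ssh directory.
-- encrypted = 0 means the key file has no passphrase protecting it.
SELECT u.username, k.path, k.encrypted
FROM users u
JOIN user_ssh_keys k USING (uid);

-- Processes currently running as root, with the on-disk path of the binary.
SELECT p.pid, p.name, p.path, p.cmdline
FROM processes p
JOIN users u ON u.uid = p.uid
WHERE u.username = 'root';
```

Run osqueryi as root so that other users' history files and key directories are readable; otherwise the joins return rows only for the current account.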
Sources:
https://www.attackdefense.com
https://www.first.org/resources/papers/conf2018/Wilson-Doug_FIRST_20180629.pdf