valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-06 17:45:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
5,189 Commits 2 Branches 109 Tags 25 MiB
c948c403b8
Commit Graph

82 Commits

Author SHA1 Message Date
Javier Marcos
b126ed21d3 Adding OSX Malware SearchAwesome to osx-attacks (#5713) 2019-08-22 08:55:14 -04:00
divious1
f5645b95b5 detects when a proc is tapping keyboard event (#5345) 
Summary:
added osx-attack query that detects when a proc is tapping keyboard event, see details at:
https://twitter.com/d1vious/status/1083447632188579841
 inspiration:
https://t.co/8SEd2dgP5Y

not sure if a test is needed
Pull Request resolved: https://github.com/facebook/osquery/pull/5345

Differential Revision: D13669678

Pulled By: fmanco

fbshipit-source-id: 57fae7389a4579a817b827e58de94e0aacb581a5
 2019-01-15 06:43:32 -08:00
Javier Marcos
53dc36d735 Adding OSX Dummy malware to osx-attacks query pack (#4668) 2018-07-06 11:06:29 -04:00
Chris Long
8c815f27b5 packs: Adding MacSeach adware to osx-attacks (#4394) 2018-05-16 20:59:17 -07:00
Howard Griffith
78e039fbf0 packs: Adding ColdRoot RAT to osx-attacks detection list (#4377) 2018-05-10 15:14:47 -07:00
Erick Cheng
5e1a92375f packs: Update unwanted-chrome-extensions.conf (#4332) 2018-05-01 16:47:05 -07:00
Chris Long
fa487de584 packs: Updating reverse shell query in osx-attacks (#4255) 2018-05-01 10:37:25 -07:00
Chris Hills
67dd49a680 Fix typos in packs/windows-hardening.conf (#4282) 2018-04-13 11:36:49 -07:00
Erick Cheng
e0d4ab1742 Update osx-attacks.conf (#4218) 2018-04-08 22:05:15 -07:00
Chris Long
e70c043d48 packs: Adding behavioral reverse shell detection to osx-attacks (#4249) 2018-04-02 10:06:38 -07:00
Julien
3c54bf8a11 packs: windows compliance pack based on IAD SAMI (#4156) 2018-03-21 11:45:21 -07:00
Julien
98b7564d91 packs: remove escape - Error parsing the "windows-attacks" pack JSON (#4154) 2018-03-09 08:48:36 -08:00
Julien
1d96ac1f2c packs: adding platform tag incident-response pack (#4155) 2018-02-26 21:06:44 -08:00
Seshu Pasam
0dc59b8d2d Remove duplicate mode column in device_nodes query (#4107) 2018-02-07 10:40:17 -08:00
Doug Wilson
bf0eb6f36f added IOCs to query for OSX_MaMi malware (#4055) 2018-01-12 20:34:31 -05:00
Teddy Reed
e71390ca82
config: Allow scheduled queries to set blacklist=false (#4005) 2017-12-18 08:42:00 -08:00
Chris Long
0bfba4ff74 Adding OSX detection for HiddenLotus (#3982) 2017-12-03 18:45:50 -08:00
Chris Long
93850b69f9 Adding detection for new "Symantec" Proton variant (#3952) 2017-11-21 23:27:04 -08:00
Chris Long
8e10156a1f Creating a windows-hardening pack and moving queries there (#3935) 2017-11-18 09:20:53 -08:00
Nick Anderson
e43cb5f6fb
packs: fixing malformed win attack pack (#3928) 2017-11-15 21:46:48 -08:00
Nick Anderson
da5106f78c
packs: updating query versions in windows attack packs (#3926) 2017-11-14 20:48:21 -08:00
isairamm
4d4a84e370 packs: Query to identify ccleaner malware (#3790) 2017-11-14 20:44:39 -08:00
Chris Long
6fc5916a73 Adding queries to windows-attacks, fix version, nits (#3922) 2017-11-14 16:29:47 -08:00
Chris Long
5c25184c15 packs: Adding a pack for unwanted chrome extensions (#3889) 2017-10-26 08:34:16 -07:00
Tom de Vries
fe98652348 documentation: Fix typos (#3886) 2017-10-26 08:25:44 -07:00
Chris Long
4375495cb4 Detect Proton.C variant detection from Elmedia Player (#3858) 2017-10-20 19:44:15 -07:00
Babatunde Micheal Okutubo
f2cc194f6f Windows attacks query pack (#3754) 2017-10-02 20:11:24 -07:00
maus-
96d9f2693d Updated to scope all users by default (#3736) 2017-09-27 20:00:44 -07:00
Nick Anderson
3d27bfa6c2 packs: fixing backdoored python pack (#3707) 2017-09-16 11:29:26 -07:00
Nick Anderson
777f6e09e7 packs: adding checks for known bad python packages (#3700) 2017-09-15 10:54:21 -07:00
Chris Long
293331e244 Adding detection for osx-mughthesec (#3550) 2017-08-09 16:42:57 -07:00
Chris Long
1c9d6e4394 Updating shell_history in IR pack (#3549) 2017-08-09 15:57:23 -07:00
Chris Long
be1a943616 (#3500) Add Check for Additional Leverage Variant 2017-07-31 10:42:33 -07:00
Chris Long
b913029ee0 Adding osx_fruitfly to osx-attacks (#3493) 2017-07-24 22:00:43 -07:00
Teddy Reed
c26d045a08 packs: Update darwin's preferences table to plist (#3471) 2017-07-17 14:13:34 -07:00
Lambda Conjecture
ebae5785a7 Querypack equivalent of ossec rootkit db (#3377) 2017-06-05 12:28:32 -07:00
Chris Long
54e016c68a Adding EmPyre agent to osx-attacks (#3365) 2017-05-30 16:08:55 -07:00
Teddy Reed
31eb83a1f4 packs: Allow posix in pack platform selection (#3364) 2017-05-29 23:13:59 -07:00
Mitchell Grenier
9d2e5069ef Fix profile.py: Invalid control character at: line 114 (#3335) 2017-05-29 01:49:46 -07:00
Seshu Pasam
0cb7c3cc3e Fix spec file names and added missing version in packs (#3289) 2017-05-20 00:42:17 -07:00
Seshu Pasam
920a4b5194 [Fix 2956] augeas table returns no data. (#3260) 2017-05-11 00:00:34 -07:00
Chris Long
8fa436136d Adding OSX/Proton to osx-attacks.conf (#3261) 2017-05-09 11:45:31 -07:00
Doug Wilson
0feedaf827 Adding Fox-IT IOCs for OSX port of Snake malware (#3243) 2017-05-03 16:00:24 -07:00
Javier Marcos
84b1e5c39d Adding signatures for new OS X malware DOK (#3240) 2017-04-30 15:08:07 -07:00
Javier Marcos
88aba5ed18 Updating it-compliance pack with windows queries (#3050) 2017-03-10 12:08:24 -08:00
Javier Marcos
db4d3ae736 Updating pack with new intervals and queries (#3033) 2017-03-03 18:30:59 -08:00
Javier Marcos
ab07bc21f7 Adding Pronto to detection in OSX (#2998) 2017-02-14 09:41:03 -08:00
Javier Marcos
6125d38fc8 Update vulnerability-management pack (#2997) 2017-02-14 09:35:12 -08:00
Chris Long
3b39ae23a6 Updating the interval on osx-attacks to check hourly instead of daily (#2941) 2017-01-26 19:06:37 -08:00
Matt Burdan
6937428a08 Add Quimitchin backdoor IOCs to osx-attacks pack (#2921) 2017-01-19 21:27:55 -08:00