OSQUERY sql

 How to see all tables heading

.tables


How to see all columns fom schema

. schema tablename

 

How to see system info

select * from system_info;


How to see users

select username,uid,shell from users;


How to see a process with multi table join and suspesious and their services

select p.name,p.path,pp.name as parentname, pp.path as parentpath from processes as p left outer join processes as pp on p.parent=pp.pid order by p.name;


How to check process other than services are vulnerable

select name,pid,path,display_name from services where start_type = 'auto_start' and path not like 'C:\Windows\System32\svchost.exe -k %';


How to see install location for program

select name,install_location from programs;


How to see specific installed apps

select name,install_location from programs where name like '%brave%';


How to see user directory

select uid,username,shell,directory from users;


how to see auto startup

select name,path,source,status from startup_items where path not like '%desktop.ini%';


How to see registery data

select dATA from registry where key like '(type or copy paste registry location)';


how to see admin level users

select users.uid,users.username,shell from user_groups inner join users on user_groups.uid = users.uid where user_groups.gid = 544;


How to see browser extention

select * from chrome_extensions;


How to see browser extension permisions

select name,permissions from chrome_extensions;


How to check threats via shim based id

select executable,path,description,sdb_id from appcompat_shims;


How to check network based web server problems

select name, cwd, parent, pid from processes;


How to check network based problems on a specific app

select name, cwd, parent, pid from processes where name like '%brave.exe%';


How to check processes open from remote machine by cmdline

select name, cwd, parent, cmdline pid from processes where name like '%brave.exe%' limit 1;


How to see active listening ports

select distinct processes.pid, listening_ports.port,processes.name from processes left join listening_ports using (pid);


Comments

Post a Comment

Popular posts from this blog

Nokia Lumia 1020 W10 update

  All in one link https://shrinke.me/UQOR https://mega.nz/folder/7Q8n1STS#GpjOC1KogDa5O9Pf5RF78Q Interop instalation to root access https://youtu.be/TraZl4yByv0 Separate link to move on Download guide https://shrinke.me/ufWjml W10 mobile offline Updater tool https://shrinke.me/Am9U Iutool https://shrinke.me/NAoCq https://shrinke.me/EVJg 7z extractor 64 bit https://shrinke.me/cP3mSq6Z Otc updater tool. Click download to download https://shrinke.me/Xl4qvv ARM https://shrinke.me/ak7h English keyboard 123.cab file https://shrinke.me/IpQcGv1 Download all files First, your phone must be in wp8.1 denim or cyan update. connect it to your pc via good USB cable open otc updater and update it and update it until it says no update available. download the W10 mobile offline Updater tool (1.61GB) and extract it with 7z extractor. inside that extract 2nd gen folder is available. inside there 768x1280 folder available. Open iutool by copying cmd.exe from pc to iutool folder ...
Read more

Well foundation

Image
Introduction Well foundations are one of the types of deep foundations that provide a solid and massive foundation typically for bridges and heavy structures. Well foundations are also useful for transmission line towers, where uplift loads are large. In earlier practice, well foundations were constructed with stone or brick, but today they are mostly of reinforced concrete. The advantages of well foundations are that they are monolithic and rigid, being a massive sub­structure. They have better lateral load resistance than pile foundations. Well foundations can also be conveniently installed in a boulder stratum as well. Well foundations had their origin in India and have been used for hundreds of years for providing deep founda­tions for important buildings and bridges. Many Mughal monuments, including the famous Taj Mahal and several bridges, were supported on well foundations. The largest well used in the world in the early part of 20th century is the 73.8-m deep caisson provided f...
Read more

Ubuntu on VMware workstation pro

Image
 Workstation pro link https://mega.nz/file/aR0GCbjS#hEoY2WiCiEjC54QFABspLvQbwCAtZly7DQzhV9oPFh8 key hEoY2WiCiEjC54QFABspLvQbwCAtZly7DQzhV9oPFh8 Ubuntu https://ubuntu.com/download#download Download these files. Create vmware virtual machine Insert iso file in cd drive in it Switch on the vmware machine and install Do initial setup and enjoy...
Read more