RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-17 01:47:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
146afa8c7f
osquery-defense-kit/detection/execution/unexpected-mounts.sql

10 lines
241 B
MySQL
Raw Normal View History

Initial re-organization around the MITRE ATT&CK framework
2022-10-12 01:53:36 +00:00
-- Detect weird mounts, like mounting the EFI partition
-- See https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/
SELECT
*
FROM
mounts
WHERE
device = "/dev/disk0s1"
AND type = "msdos";
Reference in New Issue Copy Permalink