RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
osquery-defense-kit/detection/persistence/unexpected-kernel-extension...

13 lines
244 B
SQL
Raw Blame History

-- Display a list of non-Apple kernel extensions, which are exceedingly rare.
-- platform: darwin
SELECT
*
FROM
kernel_extensions
WHERE
path NOT LIKE "/System/Library/Extensions/%"
AND NOT (
idx = 0
AND name = "__kernel__"
);
Reference in New Issue View Git Blame Copy Permalink