RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-27 15:30:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
20452b128b
osquery-defense-kit/detection/persistence/unexpected-kernel-extensions.sql
Thomas Stromberg 20452b128b
Migrate query strings from double to single apostrophes
2022-10-13 14:59:32 -04:00

13 lines
244 B
SQL
Raw Blame History

-- Display a list of non-Apple kernel extensions, which are exceedingly rare.
-- platform: darwin
SELECT
*
FROM
kernel_extensions
WHERE
path NOT LIKE '/System/Library/Extensions/%'
AND NOT (
idx = 0
AND name = '__kernel__'
);
Reference in New Issue View Git Blame Copy Permalink