I know something like this already exists somewhere, and absolutely open to learning better ways:
github.com/mubix/Find-W...
For finding what might be affected by CVE-2025-59287 or you can use an EDR / OSQuery to find systems with the WSUSService service.
GitHub - mubix/Find-WSUS: Helps defenders find their WSUS configurations in the wake of CVE-2025-59287
github.com
October 28, 2025 at 1:17 AM
If you’re using #kubernetes, and you’re using #osquery, you should check out kube-query! Here’s an intro by @simarpreet7 https://youtu.be/s3gW-Txnqdg
November 9, 2024 at 5:13 AM
Your new favorite Cheatsheet - Threat Hunting w/ Windows 🪟 + osquery
osquery provides a powerful SQL interface that you can use to hunt adversaries in your network.
Coupled with fleet management software like fleetdm / zentral, it allows you to query all your endpoints at once! 💜💜💜
#hacking
July 29, 2024 at 5:07 PM
Presenting on osquery in a couple hours at @devopsdaysaustin.bsky.social!
May 1, 2025 at 1:27 PM
Find out why Reddit chose Tetragon over osquery and some of the highlights from their talk at Cilium + eBPF Day
Thanks Pratik Lotia for the write up!
From the RedditEng community on Reddit
Explore this post and more from the RedditEng community
buff.ly
January 9, 2025 at 4:23 PM
Bear in mind, there are many other keys that can provide persistence, so a tool like Sysinternals autoruns is more comprehensive, but this is a start for osquery users!
November 30, 2024 at 12:48 AM
osquery 5.16.0 https://packetstorm.news/files/189093
February 10, 2025 at 6:07 PM
Raise your paw if you'd like Ubuntu 18.04 Bionic LTS .debs for osquery for arm64/aarch64.
@artemist0 has been working on a port and I've been helping test; it's one of our main gaps that prevents us from running production workloads on ARM (e.g. A1) instances on AWS.
January 14, 2025 at 12:45 AM
found this super cool project called osquery which lets you run SQL on your OS as if it's a database!
You can do things like `select * from etc_hosts` to list all addresses and hostnames in a table, wow
github.com/osquery/osqu...
December 11, 2024 at 2:51 PM
Unveiling the Power Duo: osquery and osctrl
javuto.medium.com
August 6, 2024 at 4:54 PM
Detecting High Risk Chrome Extensions with OSQuery
medium.com
February 5, 2025 at 8:54 PM
[Backport release-25.05] osquery: 5.16.0 -> 5.17.0
https://github.com/NixOS/nixpkgs/pull/414310
#security
June 5, 2025 at 8:03 PM
If you use Elastic, @acjewitt.bsky.social wrote up how you can use their osquery based agent to get an inventory of browser extensions in your environment allowing you to know what is installed by your users no matter what browser. More with Elastic to come 👨🍳
How to detect malicious browser extensions using Elastic
Learn how the Elastic Infosec team created a full inventory of all browser extensions using osquery and Elastic Security with examples on building detections to alert the security team when a known…
www.elastic.co
February 6, 2025 at 5:45 PM
I've always thought that having the ability to set "tripwires" on arbitrary files on an endpoint would be a huge defensive advantage. Today, that is now a reality for all users of osquery in macOS: material.security/blog/protect...
File Access Monitoring with Osquery
Protecting the security and privacy of our customers' data is our top priority at Material Security. We are constantly improving our ability to detect and respond to increasingly sophisticated threats...
material.security
October 31, 2023 at 4:06 PM
Strong vouch for @SnepOnSecurity, without her we wouldn't have @osquery on aarch64/arm64, and our Graviton2 port at Honeycomb in 2020 would never have met security requirements. https://twitter.com/SnepOnSecurity/status/1529209309741350912
January 14, 2025 at 7:48 AM
Whenever I see "#Facebook" touting "#security" in the same article, I have to make sure I'm not reading @TheOnion. https://thehackernews.com/2016/09/osquery-security-tool.html
December 1, 2024 at 7:10 AM
ID: CVE-2024-23443
CVSS V3.1: MEDIUM
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
#security #infosec #cve-alert
nvd.nist.gov
June 19, 2024 at 2:15 PM
osquery 5.18.1-1 x86_64 SQL powered operating system instrumentation, monitoring, and analytics
Interest | Match | Feed
Origin
archlinux.org
July 23, 2025 at 6:43 AM
Research on APT‑linked RATs used in Operation Sindoor details a multi‑stage infection flow and an Osquery telemetry framework with a detection rule for parent‑child processes and outbound domains. https://getnews.me/malware-analysis-and-detection-for-operation-sindoor-cyber-campaign/ #sindoor #apt
October 7, 2025 at 10:48 PM
i am just finding out about `.mode line` in the osquery shell and wow. no more ⌘- for me!
October 11, 2025 at 8:08 PM