├── LICENSE.txt
├── Linux
│   ├── files_in_development
│   ├── generic_linux.conf
│   ├── linux_browser_extensions.conf
│   ├── linux_command_execution.conf
│   ├── linux_home_root_hidden_file_directory.conf
│   ├── linux_kernel_modules_and_extensions.conf
│   ├── linux_local_job_scheduling.conf
│   ├── linux_network_connections.conf
│   ├── linux_relevant_folder_check.conf
│   ├── linux_running_processes.conf
│   └── linux_users_check.conf
├── README.md
├── docs
│   ├── osquery_attck.JPG
│   └── to_check
├── network_connection_listening.conf
├── windows-incorrect_parent_process.conf
├── windows-incorrect_path_process.conf
├── windows-registry-monitoring.conf
├── windows_anomaly_process-execution.conf
├── windows_browsere-extensions.conf
├── windows_critical_service_status.conf
├── windows_generic_detection.conf
├── windows_new_dir_relevant_infection_path.conf
├── windows_new_file_relevant_infection_path.conf
├── windows_persistence-startup_items.conf
├── windows_powershell_events.conf
├── windows_process_no_disk_binary.conf
├── windows_scheduled_tasks.conf
├── windows_service-persistence.conf
└── windows_system_running_processes.conf

/LICENSE.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/LICENSE.txt
--------------------------------------------------------------------------------

/Linux/files_in_development:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/Linux/files_in_development
--------------------------------------------------------------------------------

/Linux/generic_linux.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/Linux/generic_linux.conf
--------------------------------------------------------------------------------

/Linux/linux_browser_extensions.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/Linux/linux_browser_extensions.conf
--------------------------------------------------------------------------------

/Linux/linux_command_execution.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/Linux/linux_command_execution.conf
--------------------------------------------------------------------------------

/Linux/linux_home_root_hidden_file_directory.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/Linux/linux_home_root_hidden_file_directory.conf
--------------------------------------------------------------------------------

/Linux/linux_kernel_modules_and_extensions.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/Linux/linux_kernel_modules_and_extensions.conf
--------------------------------------------------------------------------------

/Linux/linux_local_job_scheduling.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/Linux/linux_local_job_scheduling.conf
--------------------------------------------------------------------------------

/Linux/linux_network_connections.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/Linux/linux_network_connections.conf
--------------------------------------------------------------------------------

/Linux/linux_relevant_folder_check.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/Linux/linux_relevant_folder_check.conf
--------------------------------------------------------------------------------

/Linux/linux_running_processes.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/Linux/linux_running_processes.conf
--------------------------------------------------------------------------------

/Linux/linux_users_check.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/Linux/linux_users_check.conf
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/README.md
--------------------------------------------------------------------------------

/docs/osquery_attck.JPG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/docs/osquery_attck.JPG
--------------------------------------------------------------------------------

/docs/to_check:
--------------------------------------------------------------------------------


--------------------------------------------------------------------------------

/network_connection_listening.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/network_connection_listening.conf
--------------------------------------------------------------------------------

/windows-incorrect_parent_process.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows-incorrect_parent_process.conf
--------------------------------------------------------------------------------

/windows-incorrect_path_process.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows-incorrect_path_process.conf
--------------------------------------------------------------------------------

/windows-registry-monitoring.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows-registry-monitoring.conf
--------------------------------------------------------------------------------

/windows_anomaly_process-execution.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows_anomaly_process-execution.conf
--------------------------------------------------------------------------------

/windows_browsere-extensions.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows_browsere-extensions.conf
--------------------------------------------------------------------------------

/windows_critical_service_status.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows_critical_service_status.conf
--------------------------------------------------------------------------------

/windows_generic_detection.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows_generic_detection.conf
--------------------------------------------------------------------------------

/windows_new_dir_relevant_infection_path.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows_new_dir_relevant_infection_path.conf
--------------------------------------------------------------------------------

/windows_new_file_relevant_infection_path.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows_new_file_relevant_infection_path.conf
--------------------------------------------------------------------------------

/windows_persistence-startup_items.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows_persistence-startup_items.conf
--------------------------------------------------------------------------------

/windows_powershell_events.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows_powershell_events.conf
--------------------------------------------------------------------------------

/windows_process_no_disk_binary.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows_process_no_disk_binary.conf
--------------------------------------------------------------------------------

/windows_scheduled_tasks.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows_scheduled_tasks.conf
--------------------------------------------------------------------------------

/windows_service-persistence.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows_service-persistence.conf
--------------------------------------------------------------------------------

/windows_system_running_processes.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/teoseller/osquery-attck/HEAD/windows_system_running_processes.conf
--------------------------------------------------------------------------------