Skip to content
View defensivedepth's full-sized avatar
112 followers · 9 following

Sponsoring

@endoflife-date
@firasdib
@thomaspatzke

Achievements

Achievement: Galaxy Brainx4Achievement: Pair Extraordinairex2Achievement: QuickdrawAchievement: YOLOAchievement: Pull Sharkx3Achievement: Arctic Code Vault ContributorAchievement: Public SponsorAchievement: Starstruck

Achievements

Achievement: Galaxy Brainx4Achievement: Pair Extraordinairex2Achievement: QuickdrawAchievement: YOLOAchievement: Pull Sharkx3Achievement: Arctic Code Vault ContributorAchievement: Public SponsorAchievement: Starstruck

Organizations

@Defensive-Depth

Block or report defensivedepth

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Pinned Loading

  1. osquery query to find systems that h... osquery query to find systems that have the compromised Mega Chrome Extension installed
    1 
    -- Joins chrome_extension and users table, looks for Mega chrome identifier and specific version number; should also consider running without the version number, to find all users with Mega extension installed and then get it removed prior to it updating.
    2 
    
              
    
              
    
                3
                
    SELECT users.username,chrome_extensions.name,chrome_extensions.version,chrome_extensions.path FROM chrome_extensions JOIN users ON users.uid = chrome_extensions.uid where chrome_extensions.identifier = 'bigefpfhnfcobdlfbedofhhaibnlghod' and chrome_extensions.version = '3.39.4';
    
              
    
          
    
    
    
  
    

    2. 

      
  2. 
  
    
    
    
      
    
        
    
            
          
osquery-filters
osquery-filters          Public
        
    
      
    


      
    
        
      
    

      
    
          
  
  Go


          
            
    

            34
          
          
            
    

            1
          
      
    
    
    
  
    

    3.