久しぶりのブログです!
Leveraging osquery to examine the XProtect Behavioral Service DB
On Dec 11, 2017, I published the initial release of DetectionLab. I never expected the project to garner the attention that it did, and I couldn’t be more thankful for all of the positive experiences that came about from building it. However, after nearly 6 years of actively maintaining, expanding, and improving the project, I think it’s finally time to call it a day on DetectionLab development.
Over the past few years, I’ve occasionally needed to do some quick forensics on Linux hosts. Each time I do, I find myself stitching together 5-10 different pages of content to pull together the information I need to grab the disk and memory collections.
