Fritz Ifert-Miller in Kolide | 8 SQL snippets to make you an osquery datetime expert | Learning to interact with timestamps has never been easier as we explore SQL’s various date and time functions and how they can be used. | Dec 14, 2021
Fritz Ifert-Miller in Kolide | Why you can’t trust your NULLs in Osquery | The pain of empty strings in SQLite: A basic assumption of nearly any database is that the absence of data in a table is recorded as NULL. | Oct 14, 2021
Fritz Ifert-Miller in Kolide | Determining Mac Hardware Manufacture Date Using Osquery | Creating virtual lookup tables in SQLite | Sep 22, 2021
Fritz Ifert-Miller in Kolide | Modern Macs Still Need FileVault | Built-in Mac SSD Encryption Is Easily Bypassed by an Attacker With Physical Access if Filevault Isn’t Enabled | Dec 28, 2020
Fritz Ifert-Miller in Kolide | Checking macOS Screenlock Remotely | They (we) said it couldn’t be done | Jul 23, 2020
Fritz Ifert-Miller in Kolide | Are your employees Slack Messages leaking while their screen is locked? | Notification Preferences: Interpreting Bit fields with Osquery | Mar 16, 2020
Fritz Ifert-Miller in Kolide | How to Set Up Windows File Integrity Monitoring using Osquery and Kolide | Using the ntfs_journal_events table in Osquery 4.2.0 | Feb 28, 2020
Fritz Ifert-Miller in Kolide | Using Kolide + osquery to find and fix critical Windows Crypto Vulnerability | On Monday the NSA announced a critical vulnerability (CVE-2020-0601) in Windows 10 which allows an attacker to “undermine how Windows… | Jan 15, 2020
Fritz Ifert-Miller in Kolide | Manipulating plist and registry output in osquery | Pivoting SQL data with MAX & CASE | Nov 26, 2019
Fritz Ifert-Miller in Kolide | macOS Catalina & osquery | “I’m sorry Dave, I can’t let you query that…” | Oct 9, 2019