osquery extensions by Trail of Bits
Home Page: https://blog.trailofbits.com/2017/12/14/announcing-the-trail-of-bits-osquery-extension-repository/
License: Apache License 2.0
I downloaded the official osquery 4.5.0.msi and installed on a Windows 10 system. When running osqueryi.exe using the following
osqueryi.exe --allow_unsafe --extension trailofbits_osquery_extensions.ext.exe
I am getting lots of errors when trying to use any INSERT or DELETE commands in the HostBlacklist or PortBlacklist tables. Any help would be much appreciated.
I have tried on two Windows 10 systems and both are showing the same issue.
osquery> select * from HostBlacklist;
+---------+---------------+-----------+----------------+-----------+
| address | domain | sinkhole | firewall_block | dns_block |
+---------+---------------+-----------+----------------+-----------+
| | www.yahoo.com | 127.0.0.1 | | UNMANAGED |
+---------+---------------+-----------+----------------+-----------+
osquery> DELETE FROM HostBlacklist WHERE domain="www.yahoo.com";
Error: SQL logic error
osquery> DELETE FROM HostBlacklist WHERE domain ="www.yahoo.com";
Error: SQL logic error
osquery> DELETE FROM HostBlacklist WHERE domain = "www.yahoo.com";
Error: SQL logic error
osquery> SELECT domain from HostBlacklist;
+---------------+
| domain |
+---------------+
| www.yahoo.com |
+---------------+
osquery> INSERT INTO HostBlacklist(domain, sinkhole, address_type) VALUES ("www.google.com", "127.0.0.1", "ipv4");
Error: datatype mismatch
osquery>
My co-workers and I were talking today about how a nmap or nmap-like extension that could be used to perform ping sweeps and port scans could be very useful for device discovery on a network.
We're torn between using nmap directly and having the table work something like select * from nmap where args = '<insert standard nmap args>'or if it would be better to create an nmap-like extension that scans using native code instead of needing nmap to be installed on the system.
The build instructions that are written in the README are not working properly as i have followed every step and even though the osqueryi.exe and osqueryd.exe are compiled correctly the extension's exe file isn't created at all and it doesn't even throw a single error, the build instruction for the 3.3.2 sdk were working fine and i was able to compile the extension.
README.mdRef: osquery/osquery#6904
If users still want to use an extension, refer to https://github.com/macadmins/osquery-extension
The iptables extension fails to build with 4.x due to arithmetic on void pointers. It includes the netfilter library headers which uses the pointer arithmetic.
In file included from /home/akkumar/osquery_workspace/osql/build/libs/src/libiptables/include/libiptc/libiptc.h:12:
/usr/local/osquery-toolchain/usr/include/linux/netfilter_ipv4/ip_tables.h:222:19: error: arithmetic on a pointer to void
return (void *)e + e->target_offset;
~~~~~~~~~ ^
In file included from /home/akkumar/osquery_workspace/osql/build/external/external_trailofbits/osquery_extension_group_main.cpp:18:
In file included from /home/akkumar/osquery_workspace/osql/external/external_trailofbits/iptables/src/ip6tables_ext.h:28:
In file included from /home/akkumar/osquery_workspace/osql/build/libs/src/libiptables/include/libiptc/libip6tc.h:12:
/usr/local/osquery-toolchain/usr/include/linux/netfilter_ipv6/ip6_tables.h:262:19: error: arithmetic on a pointer to void
return (void *)e + e->target_offset;
Differentiating between entries from renamed files and entries from deleted files in ntfs_indx_data table:
since directory indices are filename-based, renaming a file will in effect cause the old entry to be marked as inactive, and create a new entry in the index. Differentiating a renamed file from a deleted one will require additional analysis.
It might take some studying to know whether it can be done. If it's just not feasible, then it could be addressed as a note in the extension's README.
Well , base on https://github.com/trailofbits/osquery-extensions/blob/master/README.md
# Follow https://osquery.readthedocs.io/en/latest/development/building/
# and stop before the configure step
d:
git clone --recurse-submodules https://github.com/trailofbits/osquery-extensions.git
cd d:\osquery
New-Item -ItemType SymbolicLink -Name external\extension_trailofbits -Target d:\osquery-extensions
cd d:\build
# Resume following the osquery build guide
cmake ../osquery/ -G "Visual Studio 16 2019" -A x64
cmake --build . --config Release --target package
And here are the errors:
Libtsk.lib (db_sqlite. Obj) : Error LNK2038: "RuntimeLibrary" mismatch detected:Value "MT_StaticRelease" mismatch value "MD_DynamicRelease" (in osquery_extension_group_main.obj) [D:\build\External\extension_trailofbits\ trailofbits_osquery_extensions.vcxProj]
Libcpmt.lib (xstol. Obj) : Error LNK2038: "RuntimeLibrary" mismatch detected:Value "MT_StaticRelease" mismatch value "MD_DynamicRelease" (in osquery_extension_group_main.obj) [D:\build\External\extension_trailofbits\ trailofbits_osquery_extensions.vcxProj]
Well I set the properties of project trailofbits_osquery_extensions by VS2019 [ "Visual Studio 16 2019" ]
Project -> properties -> configuration -> general -> configuration type :
change it from application (.exe) to Static libraries (.lib)
and , It works!
218>trailofbits_osquery_extensions.vcxproj -> D:\build\external\extension_trailofbits\Debug\trailofbits_osquery_extensions.ext.exe
But, It's too early to laugh.....
I installed osquery-4.5.1.msi into path c:\osquery
and copied trailofbits_osquery_extensions.ext.exe to c:\osquery
but, while I am running this:
.\osqueryi.exe --allow_unsafe --disable_extensions=false --extension .\trailofbits_osquery_extensions.ext.exe
here is the return:
c:\osquery>.\osqueryi.exe --allow_unsafe --disable_extensions=false --extension .\trailofbits_osquery_extensions.ext.exe
Using a �[1mvirtual database�[0m. Need help, type '.help'
osquery> E1219 15:45:59.234822 19408 watcher.cpp:653] Cannot create extension process: .\trailofbits_osquery_extensions.ext.exe
c:\osquery>
Anyway ,thanks for reading..
but, anyone can tell me how to build and run it correctly??????
help me.... T_T
Ref: https://github.com/trailofbits/mdm_osquery_extension
(And then delete that repo)
after executing
sudo osqueryi --extension /var/osquery/extensions/trailofbits_osquery_extensions.ext --allow_unsafe=true
getting the following error:
osquery> SELECT * FROM santa_denied;
Error: no such table: santa_denied
osquery> SELECT * FROM santa_allowed;
Error: no such table: santa_allowed
but seems like the following worked:
SELECT * FROM santa_rules;
Please provide some guidance on how to troubleshoot. Appreciate it.
Nice meeting you all at Querycon!
This is a task to capture the idea we had of exposing the output of santactl status as a table in the Santa extension.
This would have columns:
mode, file_logging, watchdog_cpu_events, watchdog_ram_Events, root_cache_count, nonroot_cache_count, binary_rules_count, certificate_rules_count, events_pending_upload_count, sync_server, clean_sync_required, last_successful_full_sync, last_successful_rule_sync, push_notifications, bundle_scanning
osquery version: 3.2.9-98-g2f872cb9
Name and version of OS tested on: Windows 10
The final build step (building the extensions) fails, with the following errors related to safeStrtoull:
C:\Projects\osquery-fb-master\external\extension_trailofbits\fwctl\src\portblacklist.cpp(506): error C2039: 'safeStrtoull': is not a member of 'osquery' [C:\Projects\osquery-fb-master\build
\windows10\external\trailofbits_osquery_extensions.vcxproj]
C:\Projects\osquery-fb-master\external\extension_trailofbits\fwctl\src\portblacklist.cpp(506): error C3861: 'safeStrtoull': identifier not found [C:\Projects\osquery-fb-master\build\windows
10\external\trailofbits_osquery_extensions.vcxproj]
This function was apparently removed from osquery after 3.2.6 or so.
Replace it with tryTo<'unsigned long long'> ?
The osquery-extensions builds all of its extensions into the .ext executable binary, by default. If a user wants only select extensions from the repo, they should edit the .platform file in the non-desired extension's directory.
This ought to be explained in the top-level README.md
I tried to access PortBlacklist table using select statement through osqueri in Mac .I followed the steps mentioned in the document.I am getting not able to create firewall issue
Provide osquery a list of Windows mutexes and have it register them to block other processes with the same mutex from executing.
If Trail of Bits adds more extensions to this repository, I would love the ability to bundle all plugins provided by each extension into a single extension binary. The ability to combine specific plugins into an extension (ie: I want efigy, and foo, but not bar) would be neat, but not required.
The reason why I want this is because I want to distribute the Trail of Bits extension in Launcher, but I don't want to have to package, sign, distribute, and autoupdate each extension that gets added if I can just distribute a single extension that bundles all of the plugins.
Building on MacOS fails (even using the 4.0.1 porting branch) with the error ld: library not found for -lboost_iostreams-mt at the linking stage of building the extension binary.
The iptables_ext and ip6tables_ext tables do not get the existing firewall rules. The dns_event table in network monitor extension also does not work with osquery 4.x
Hi, i'm working on a Windows 10 Pro 1909 VM with OSQuery 4.3.0 and trailofbits extensions v1.2.
When I run osqueryi --extensions_require <trailofbits.ext.exe path> I get a lots of log messages:
Thrift: Wed May 20 12:50:54 2020 Client connected.
Wed May 20 12:50:54 2020 TPipe ::GetOverlappedResult errored GLE=errno = 109
Wed May 20 12:50:54 2020 TConnectedClient died: TPipe: GetOverlappedResult failed
and finally the loading fails with:
W0520 12:50:54.178596 5628 extensions.cpp:780] Required extension not found or not loaded: .\extensions\trailofbits_osquery_extensions.ext.exe
E0520 12:50:54.178596 5628 init.cpp:569] An error occured during extension manager startup: Required extension not found or not loaded: .\extensions\trailofbits_osquery_extensions.ext.exe
If I load the extension with osqueryi --extension <trailofbits.ext.exe path> those annoying log messages still continuously appear but I can see and query the table windows_sync_objects. This is preventing me from programmatically querying the windows_sync_objects table without having to access the interactive shell...does anyone have hints about how what's causing the issue and how to solve it?
Thanks.
It appears that either the network_monitor does not build into the bundled extension, because it uses addOsqueryExtension in its CMake rather than addOsqueryExtensionEx.
https://github.com/trailofbits/osquery-extensions/blob/master/network_monitor/CMakeLists.txt#L36
Should we fix this, or document it as intentional and add a note to the READMEs?
A user has reported that they are able to load the extension this way:
osqueryi --allow_unsafe --extension osquery/build/external/extension_trailofbits/extensions/network_monitor/network_monitor.ext
Hi , and thanks for sharing the extension
I have been able to build the efigy extension with no problems, but when I try with the Santa extension, it fails with this output: https://gist.github.com/AndersTao/650518ee32d5df58118f70b8eb71677b
Shout I setup a vm with 10.12 to do the build, or maybe I am missing something else?
Hello All,
I am currently working on fetching ntfs data and tried running extension using cmdline
osqueryi --disable_extensions=false --allow_unsafe --extension "C:\Program Files\osquery\extensions\trailofbits_osquery_extensions.ext.exe".
I am facing the problem while executing above command in terminal as mentioned in screenshot.
I saved the extension file under osquery\extensions folder. I am not quite sure where i am making mistake. I tried searching for issue but nothing worked as such. Please help if i am missing something. Thanks
This is more of a question...
How would I go about allowing access to a single IP address ( or IP address range ), or a single domain... or port... etc?
Thank you!
The sqlite schema for the santa.db file is:
$ sudo sqlite3 rules.db
sqlite> .schema rules
CREATE TABLE IF NOT EXISTS 'rules' ('shasum' TEXT NOT NULL, 'state' INTEGER NOT NULL, 'type' INTEGER NOT NULL, 'custommsg' TEXT);
However, the santa_rules table in osquery does not have support for the custommsg column:
osquery> .schema santa_rules
CREATE TABLE santa_rules(`shasum` TEXT, `state` TEXT, `type` TEXT);
We utilize that column to give people more information about why a particular binary is being blocked, so it's very important that we have the ability to INSERT values into that column now that writable tables exist
Implement a performance speedup on the new santa_allowed table using the constraints feature, such that the santa_allowed table can be queried faster using WHERE clauses.
Example:
https://github.com/facebook/osquery/blob/master/osquery/tables/system/darwin/signature.mm#L252
Reference:
https://osquery.readthedocs.io/en/stable/development/creating-tables/
observed behavior:
osquery> SELECT * FROM ntfs_part_data;
+--------------------+---------+------------------------------+
| device | address | description |
+--------------------+---------+------------------------------+
| \\.\PhysicalDrive0 | 0 | Safety Table |
| \\.\PhysicalDrive0 | 1 | Unallocated |
| \\.\PhysicalDrive0 | 2 | GPT Header |
| \\.\PhysicalDrive0 | 3 | Partition Table |
| \\.\PhysicalDrive0 | 4 | Basic data partition |
| \\.\PhysicalDrive0 | 5 | EFI system partition |
| \\.\PhysicalDrive0 | 6 | Microsoft reserved partition |
| \\.\PhysicalDrive0 | 7 | Basic data partition |
| \\.\PhysicalDrive0 | 8 | Unallocated |
+--------------------+---------+------------------------------+
osquery> SELECT * FROM ntfs_indx_data WHERE device="\\.\PhysicalDrive0" AND partition=4;
osquery> SELECT * FROM ntfs_indx_data WHERE device="\\.\PhysicalDrive0" AND partition=4 AND parent_path="\";
unable to open file \
osquery> SELECT * FROM ntfs_indx_data WHERE device="\\.\PhysicalDrive0" AND partition=5 AND parent_path="\";
unable to open file \
osquery> SELECT * FROM ntfs_indx_data WHERE device="\\.\PhysicalDrive0" AND partition=7 AND parent_path="\";
unable to open file \
osquery> SELECT * FROM ntfs_indx_data WHERE device="\\.\PhysicalDrive0" AND partition=7 AND parent_path="/";
expected behavior: shown in example
osquery version: the release binary from this repo
Name and version of OS tested on: Windows 10
This issue will test each extension to see if it works and, if it doesn't, attempt to fix it for the latest osquery version.
| Extension | Win32 | Linux | MacOS |
|---|---|---|---|
| efigy | N/A | N/A | ❌ |
| santa | N/A | N/A | ✅ |
| fwctl | ✅ | ✅ | ✅ |
| ntfs_forensics | ✅ | N/A | N/A |
| windows_sync_objects | ✅ | N/A | N/A |
| mdm_enrollment | N/A | N/A | ✅ |
| iptables | N/A | ✅ | N/A |
Note: Windows extensions require a fix for osquery/osquery#7324
A user reports that the network_monitor extension continues to run after quitting osqueryi and it has to be manually terminated.
When quitting osquery, he sees:
Thrift: Wed Nov 11 07:15:12 2020 TSocket::open() connect() <Host: Port: 0>No such file or directory
and continued output like:
I1111 07:16:53.047338 27998 extensions.cpp:298] Extension watcher ending: osquery core has gone away
Following these steps on Windows 10, the last step fails with LINK : fatal error LNK1181: cannot open input file 'libboost_serialization-mt-s.lib'
Steps to reproduce:
1. clone osquery and osquery-extensions into C:\Projects
2. C:\Projects\osquery\tools\make-dev-env.bat (from an Administrator prompt)
3. choco uninstall boost-msvc14
4. C:\Projects\osquery\tools\provision\chocolatey\boost-msvc14.ps1 (from an Administrator Powershell)
5. cd C:\Projects\osquery\build\chocolatey\boost-msvc14\boost_1_66_0\osquery-choco
choco install -s . .\boost-msvc14.1.66.0.nupkg
6. mklink /D "C:\Projects\osquery\external\extension_trailofbits" "C:\Projects\osquery-extensions"
7. C:\Projects\osquery\tools\make-win64-binaries.bat
8. cd C:\Projects\osquery\build\windows10
cmake --build . --config Release --target trailofbits_osquery_extensions
Hi folks,
I recently upgraded to osquery 3.3.0, Santa v0.9.28, and the new Trail of Bits extension and since then, I'm seeing basically every single process execution get added to the santa_events table:
osquery> select count(*) from santa_events;
+----------+
| count(*) |
+----------+
| 180796 |
+----------+
+--------------------------+------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------+---------+
| timestamp | path | shasum | reason |
+--------------------------+------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------+---------+
| 2018-09-04T18:14:51.168Z | /Applications/Google Chrome.app/Contents/Versions/68.0.3440.106/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper | 57480321cc69717dff5889374e493130825011d882f76e4d1db96912f1f10c96 | UNKNOWN |
| 2018-09-04T18:14:49.190Z | /bin/df | 87d14508b381903825986fc10a7bc91035a47ce6712b24c049fac001cfb750be | CERT |
| 2018-09-04T18:14:48.296Z | /Applications/Google Chrome.app/Contents/Versions/68.0.3440.106/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper | 57480321cc69717dff5889374e493130825011d882f76e4d1db96912f1f10c96 | UNKNOWN |
| 2018-09-04T18:14:44.095Z | /System/Library/CoreServices/LocationMenu.app/Contents/MacOS/LocationMenu | c8887435ac16812dc00501b97ab1ebda4020fce6e0efe229cfee4b327c4b6c38 | CERT |
| 2018-09-04T18:14:44.095Z | /usr/libexec/xpcproxy | 0b8fbba98f048a3aa0fc20aa7d3777f5e9e06afa6b96cdba02fe8b5486af5479 | CERT |
| 2018-09-04T18:14:42.883Z | /Applications/Google Chrome.app/Contents/Versions/68.0.3440.106/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper | 57480321cc69717dff5889374e493130825011d882f76e4d1db96912f1f10c96 | UNKNOWN |
| 2018-09-04T18:14:42.882Z | /Applications/Google Chrome.app/Contents/Versions/68.0.3440.106/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper | 57480321cc69717dff5889374e493130825011d882f76e4d1db96912f1f10c96 | UNKNOWN |
| 2018-09-04T18:14:30.319Z | /private/var/osquery/extensions/trailofbits_osquery_extensions.ext | 60e3a7a9e61008148823e0ebe36eaab6143a88d13e25d5b42e8fd7c28629106d | UNKNOWN |
| 2018-09-04T18:14:30.292Z | /usr/local/bin/osqueryd | 10e78f5d173499e340c3582eeded49bbadde83f515e501d8a37a270d87138f56 | UNKNOWN |
+--------------------------+------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------+---------+
I'm guessing something with the way Santa logs or the extension classifies events has changed.
Based on https://osquery.readthedocs.io/en/stable/development/osquery-sdk/#using-the-example-extension
I created soft link to the externals directory
ls -s ~/extensions/trailofbits extension_trailofbits
then went to the build directory
cd build
make externals
And I see only the following output but nothing is built
Built target externals
------------------- Verbose mode of the make file --------------------------------------------------------------
~/osquery/build$ make --debug=v externals
GNU Make 4.1
Built for x86_64-pc-linux-gnu
Copyright (C) 1988-2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Reading makefiles...
Reading makefile 'Makefile'...
Updating goal targets....
Considering target file 'externals'.
File 'externals' does not exist.
Considering target file 'cmake_check_build_system'.
File 'cmake_check_build_system' does not exist.
Finished prerequisites of target file 'cmake_check_build_system'.
Must remake target 'cmake_check_build_system'.
Successfully remade target file 'cmake_check_build_system'.
Finished prerequisites of target file 'externals'.
Must remake target 'externals'.
GNU Make 4.1
Built for x86_64-pc-linux-gnu
Copyright (C) 1988-2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Reading makefiles...
Reading makefile 'CMakeFiles/Makefile2'...
Updating goal targets....
Considering target file 'externals'.
File 'externals' does not exist.
Considering target file 'external/CMakeFiles/externals.dir/rule'.
File 'external/CMakeFiles/externals.dir/rule' does not exist.
Considering target file 'cmake_check_build_system'.
File 'cmake_check_build_system' does not exist.
Finished prerequisites of target file 'cmake_check_build_system'.
Must remake target 'cmake_check_build_system'.
Successfully remade target file 'cmake_check_build_system'.
Finished prerequisites of target file 'external/CMakeFiles/externals.dir/rule'.
Must remake target 'external/CMakeFiles/externals.dir/rule'.
GNU Make 4.1
Built for x86_64-pc-linux-gnu
Copyright (C) 1988-2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Reading makefiles...
Reading makefile 'CMakeFiles/Makefile2'...
Updating goal targets....
Considering target file 'external/CMakeFiles/externals.dir/all'.
File 'external/CMakeFiles/externals.dir/all' does not exist.
Finished prerequisites of target file 'external/CMakeFiles/externals.dir/all'.
Must remake target 'external/CMakeFiles/externals.dir/all'.
GNU Make 4.1
Built for x86_64-pc-linux-gnu
Copyright (C) 1988-2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Reading makefiles...
Reading makefile 'external/CMakeFiles/externals.dir/build.make'...
Reading makefile 'external/CMakeFiles/externals.dir/progress.make' (search path) (no ~ expansion)...
Updating goal targets....
Considering target file 'external/CMakeFiles/externals.dir/depend'.
File 'external/CMakeFiles/externals.dir/depend' does not exist.
Finished prerequisites of target file 'external/CMakeFiles/externals.dir/depend'.
Must remake target 'external/CMakeFiles/externals.dir/depend'.
Successfully remade target file 'external/CMakeFiles/externals.dir/depend'.
GNU Make 4.1
Built for x86_64-pc-linux-gnu
Copyright (C) 1988-2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Reading makefiles...
Reading makefile 'external/CMakeFiles/externals.dir/build.make'...
Reading makefile 'external/CMakeFiles/externals.dir/progress.make' (search path) (no ~ expansion)...
Updating goal targets....
Considering target file 'external/CMakeFiles/externals.dir/build'.
File 'external/CMakeFiles/externals.dir/build' does not exist.
Considering target file 'externals'.
File 'externals' does not exist.
Pruning file 'external/CMakeFiles/externals.dir/build.make'.
Finished prerequisites of target file 'externals'.
Must remake target 'externals'.
Successfully remade target file 'externals'.
Finished prerequisites of target file 'external/CMakeFiles/externals.dir/build'.
Must remake target 'external/CMakeFiles/externals.dir/build'.
Successfully remade target file 'external/CMakeFiles/externals.dir/build'.
Built target externals
Successfully remade target file 'external/CMakeFiles/externals.dir/all'.
Successfully remade target file 'external/CMakeFiles/externals.dir/rule'.
Finished prerequisites of target file 'externals'.
Must remake target 'externals'.
Successfully remade target file 'externals'.
Successfully remade target file 'externals'.
Any help will be appreciated. Thanks in advance
Should document how to run the tests.
Well , base on #68
I add this code in file: cmake/flags.cmake
set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
And then
cmake --config Release --build .
It works well.
and this following part works well too.
cmake --config RelWithDebInfo --build .
but, when I want to debug the code, errors come.
cmake --config Debug --build .
And here are the errors message( Same as #68) :
Libtsk.lib (db_sqlite. Obj) : Error LNK2038: "RuntimeLibrary" mismatch detected:Value "MT_StaticRelease" mismatch value "MTd_StaticDebug" (in osquery_extension_group_main.obj) [D:\build\External\extension_trailofbits\ trailofbits_osquery_extensions.vcxProj]
Libcpmt.lib (xstol. Obj) : Error LNK2038: "RuntimeLibrary" mismatch detected:Value "MT_StaticRelease" mismatch value "MTd_StaticDebug" (in osquery_extension_group_main.obj) [D:\build\External\extension_trailofbits\ trailofbits_osquery_extensions.vcxProj]
Feature request for switching the clientMode between monitor and lockdown. This is done via .mobileconfig or plist conf change
User reports that he builds and loads the Darwin Unified Log extension, but querying it returns an empty table.
Confirmed locally, there's a logic bug preventing it from working. More details TBA.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.