Home Commands Tools Labs Defense Center Learning Paths Quizzes Challenges CTF Hubs Premium Log in

Library

Command reference

Search the live database for syntax, tools, use cases, tags, MITRE context, and safe lab-ready command examples.

140 results Clear filters
Defensive Intermediate Free

Review local users.

Review local users.

osqueryi "select username,description from users;"
osquery endpoint-security expanded-library
Osquery / Endpoint Security Open
Defensive Intermediate Free

Inventory installed software.

Inventory installed software.

osqueryi "select name,version from programs order by name;"
osquery endpoint-security expanded-library
Osquery / Endpoint Security Open
Defensive Intermediate Free

Review startup persistence entries.

Review startup persistence entries.

osqueryi "select * from startup_items;"
osquery endpoint-security expanded-library
Osquery / Endpoint Security Open
Defensive Intermediate Free

Show logged-in user sessions.

Show logged-in user sessions.

osqueryi "select * from logged_in_users;"
osquery endpoint-security expanded-library
Osquery / Endpoint Security Open
Defensive Intermediate Free

Review endpoint interface addresses.

Review endpoint interface addresses.

osqueryi "select address,mac,interface from interface_addresses;"
osquery endpoint-security expanded-library
Osquery / Endpoint Security Open
Defensive Intermediate Free

Inspect certificates matching organization hints.

Inspect certificates matching organization hints.

osqueryi "select * from certificates where common_name like '%corp%';"
osquery endpoint-security expanded-library
Osquery / Endpoint Security Open
Defensive Intermediate Free

Review scheduled cron entries.

Review scheduled cron entries.

osqueryi "select * from crontab;"
osquery endpoint-security expanded-library
Osquery / Endpoint Security Open
Defensive Intermediate Free

Hash a system binary.

Hash a system binary.

osqueryi "select path,sha256 from hash where path='/bin/bash';"
osquery endpoint-security expanded-library
Osquery / Endpoint Security Open
Defensive Intermediate Free

Review IAM account summary.

Review IAM account summary.

aws iam get-account-summary
aws-cli cloud-security expanded-library
AWS CLI / Cloud Security Open
Defensive Intermediate Free

List IAM users.

List IAM users.

aws iam list-users --query "Users[].UserName"
aws-cli cloud-security expanded-library
AWS CLI / Cloud Security Open
Defensive Intermediate Free

Review access keys for a user.

Review access keys for a user.

aws iam list-access-keys --user-name analyst
aws-cli cloud-security expanded-library
AWS CLI / Cloud Security Open
Defensive Intermediate Free

Find console login events.

Find console login events.

aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=ConsoleLogin
aws-cli cloud-security expanded-library
AWS CLI / Cloud Security Open