Facebook announced today it was pushing out some “query packs” on its code page that would enable security researchers to look for signs of Hacking Team infection. These query packs form part of Facebook’s “osquery”, a free and open source framework that can be used to gather network data and quickly ask questions to uncover potential security threats. It’s part of the social network’s own security defences and was updated recently to protect against some critical Apple Mac and iPhone vulnerabilities. Whilst query packs can be created to bunch specific, commonly-used sets of questions for datasets, Facebook has released a handful of its own, including ones related specifically for Mac OS X machines. Facebook told FORBES it hadn’t put together other query packs for other operating systems but noted that users can simply create their own queries to identify other “indicators of compromise”, such as slow performance or daemon processes.
