
mquire

An osquery-inspired memory forensics tool that enables SQL-based querying of Linux kernel memory snapshots without requi


Our Take

Mquire is exactly the kind of tool that makes incident responders weep tears of joy: it lets you run SQL queries against Linux kernel memory snapshots without first hunting down matching debug symbols for the victim kernel, which has historically been a massive pain. Built in Rust with embedded BTF and kallsyms data backing it, it can enumerate processes, open files, and network connections straight from the memory image, which is the dream scenario when you're trying to reconstruct what a compromised box was actually doing before it got nuked. This is niche; you're not reaching for it unless you're doing forensic work or threat hunting, but for that specific use case it seems to have nailed the problem.

Key Facts

Category
Security
Discovered via
newsletter:TLDR

mquire — SLAYREPORT