Check if meterpreter (Metasploit) is running on your system checking the default remote port (osquery)

Description: Check to see if the default Meterpreter port is open using osquery.

SQL:

SELECT * FROM process_open_sockets WHERE remote_port = 4444;

Operating Systems: Windows, Linux, Apple, FreeBSD

Reference:

• https://raw.githubusercontent.com/puffyCid/osquery-packs/master/windows/metasploit.conf
• Port 4444 (tcp/udp) :: SpeedGuide

#dfir #metasploit #meterpreter #threat_hunting