0:00 Introduction
1:08 Velociraptor VFS
4:05 Artifacts & Automation w/ VQL
6:16 Sigma Rule matching w/ Hayabusa
7:20 Waiting on Hayabusa to finish scan.
9:20 How does Hayabusa compare to Chainsaw?
10:40 Parsing Hayabusa Findings
13:40 PsTree Attempt 1 w/PsList
17:55 PsTree Attempt 2 w/Velociraptor Process Tracker
19:50 Velociraptor Process Tracker
22:35 PSExec Change in v2.30 & How to look for the usage of PSExec
25:25 Why this is useful and example use case
26:10 PowerShell Artifacts
27:30 Bits Transfer Artifact
28:50 How to hunt for multiple compromised machines.
30:40 Parsing the Results using VQL
33:20 Demo Conclusion
You're a rockstar, huge thanks!!
That new psexec...key with the source is HUGE
I recently set up a Velociraptor server at home and installed agents on all my virtual machines. I still have much to learn, but I love it so far. Still have to dive in to VQL so I can do my own artifacts.
John, please use time stamps; it will be helpful 😊
Big thanks to @iamkingsage8571, they knocked them out for us!
Not only that, but under the section that pops up when you click 'more' you see the chapters, which are time stamped.
Such a great demo!
I always wanted to try out Velociraptor but did not have a chance, thank you! I normally use Binalze AIR for mass DFIR, I will watch this with my full attention 😊
Hi guys, awesome demo and product! It would be so great to see you guys working together with the open-source tool Elastic in order to integrate with each other!
Is part 2 of this video available on UA-cam?
Used the tool for a long time, it's amazing! Unfortunately I don't do hunts anymore, which I would love to get back to :)
Time stamps would be better. But amazing video 🔥.
Big thanks to @iamkingsage8571, they knocked them out for us!
Hello. Have you experienced small customers installing Velociraptor? I'm asking because we did a POC for a start-up company and now they wish to deploy it in production.
Clever girl
Can you consider making an updated "setup a hacking lab"?
Pros and cons with virtual machines on a local hypervisor vs for instance VPS and cloud vms etc
I wanna learn about digital forensics in macOS & malware analysis. Does anyone know any good courses (free) or cheap certs & courses & or resources please?
Clever Girl...
Liters size
can't wait more for @mgreen27