Velociraptor

713 Followers
94 Following
86 Posts
Velociraptor - Endpoint visibility and collection tool. https://docs.velociraptor.app/
You know you're in Melbourne Australia when....

Ever had an employee lose a laptop (or have one stolen) and wished you could remotely wipe it? Of course, MDM and similar solutions often have this capability, but assuming you don't -- I wrote a @velocidex artifact that will get the job done. It's been tested multiple times to great success. 💥

💣WARNING - THIS WILL DESTROY THE SYSTEM, but sometimes (lost or stolen laptop) that's exactly what you want to do.💣

I am not submitting this to the artifact exchange because it's too risky to just have folks unknowingly import this into their VR deployments, so if you want it, get it here: https://gist.github.com/ecapuano/679791ffe049a0b2e81a645df3084944 #velociraptor

A Velociraptor artifact that causes a Windows system to self-destruct - Windows.Destroy.System.yaml

We are excited to announce our in-person Velociraptor training course is now scheduled for BlackHat 2023 https://blackhat.com/us-23/training/schedule/index.html#digging-deeper-with-velociraptor-30129

This is a rare opportunity to learn about Velociraptor from the development team themselves, in person and in Vegas! This course will be sold out ...

Black Hat

@eric_capuano
That does seem like fun!
@velocidex

Quarterly maintenance. Upgrading my Velociraptor server and testing rapid response readiness. Used for ad hoc DFIR investigations and emergency management of live collections. @velocidex #velociraptor

Very practical tool for #DFIR

Latest research where we use @velocidex to hunt for DLL injection files abused by actors: https://www.rapid7.com/blog/post/2023/02/09/evasion-techniques-uncovered-an-analysis-of-apt-methods/ #plugx
Evasion Techniques Uncovered: An Analysis of APT Methods | Rapid7 Blog

In this piece, we look at DLL search order hijacking and DLL sideloading, which are commonly used by nation state sponsored attackers to evade detection.

If you couldn't catch Marcus Guevara's talk during @cactuscon, here's the recording - https://www.youtube.com/live/OIfOhFOmX-8?feature=share&t=1h40m59s

"Is Dead Memory Analysis Dead?" is a 🔥 talk, complete with donkeys and DFIR

Featuring some of our favorites, @velocidex and EchoTrail 💙🤓

#cc11

CactusCon 11 - Day 2 (1/28) Track 1

Live stream of Track 1 from CactusCon 11, Day 2 - 1/28 (ALL TIMES IN AZ LOCAL). Join us on Discord! Register at https://cactuscon.com/register, then jump into th...

@eric_capuano ridiculously proud of you 💕🤓
@shortstack you’re the magician 🦄❤️

Here are the slides from the talk @shortstack and I gave at @cactuscon on "Security Operations with Velociraptor": https://reconis.co/secops_with_vr

You can watch the recorded stream here: https://reconis.co/secops_with_vr_stream

#CC11 #CactusCon #DFIR #infosec #secops #velociraptor