Velociraptor

713 Followers
94 Following
86 Posts
Velociraptor - Endpoint visibility and collection tool. https://docs.velociraptor.app/
You know you're in Melbourne Australia when....
@doublehelix yet in the state of Queensland that will cost you a $42k fine per kept rabbit. They sure mean business here 😞
@shortstack @eric_capuano it was awesome to have you visit! Hope you enjoyed down under and the sunshine state 😁

@joachimmetz with great power comes great responsibility 😜

Velociraptor has an RBAC model that helps with controlling access to different features, such as adding a new artifact, creating a hunt with it etc. There is also auditing etc.

Typically though the Velociraptor admins are considered domain admins with the same power as running a domain-wide GPO scheduled task.

Ever had an employee lose a laptop (or have one stolen) and wished you could remotely wipe it? Of course, MDM and similar solutions often have this capability, but assuming you don't -- I wrote a @velocidex artifact that will get the job done. It's been tested multiple times to great success. 💥

💣 WARNING - THIS WILL DESTROY THE SYSTEM, but sometimes (lost or stolen laptop) that's exactly what you want to do. 💣

I am not submitting this to the artifact exchange because it's too risky to just have folks unknowingly import this into their VR deployments, so if you want it, get it here: https://gist.github.com/ecapuano/679791ffe049a0b2e81a645df3084944 #velociraptor

A Velociraptor artifact that causes a Windows system to self-destruct

A Velociraptor artifact that causes a Windows system to self-destruct - Windows.Destroy.System.yaml


We are excited to announce our in-person Velociraptor training course is now scheduled for BlackHat 2023 https://blackhat.com/us-23/training/schedule/index.html#digging-deeper-with-velociraptor-30129

This is a rare opportunity to learn about Velociraptor from the development team themselves, in person and in Vegas! This course will be sold out ...

Black Hat

@eric_capuano
That does seem like fun!
@velocidex

Quarterly maintenance. Upgrading my Velociraptor server and testing rapid response readiness. Use for ad hoc DFIR investigations and emergency management of live collections. @velocidex #velociraptor

Very practical tool for #DFIR

Latest research where we use @velocidex to hunt for DLL injection files abused by actors: https://www.rapid7.com/blog/post/2023/02/09/evasion-techniques-uncovered-an-analysis-of-apt-methods/ #plugx
Evasion Techniques Uncovered: An Analysis of APT Methods | Rapid7 Blog

In this piece, we look at DLL search order hijacking and DLL sideloading, which are commonly used by nation state sponsored attackers to evade detection.


If you couldn't catch Marcus Guevara's talk during @cactuscon, here's the recording - https://www.youtube.com/live/OIfOhFOmX-8?feature=share&t=1h40m59s

"Is Dead Memory Analysis Dead?" is a 🔥 talk, complete with donkeys and DFIR

Featuring some of our favorites, @velocidex and EchoTrail 💙🤓

#cc11

CactusCon 11 - Day 2 (1/28) Track 1

Live stream of Track 1 from CactusCon 11, DAY 2 - 1/28 (ALL TIMES IN AZ LOCAL). Join us on Discord! Register at https://cactuscon.com/register, then jump into th...
