Live Incident Response with Velociraptor

Recon InfoSec CTO, Eric Capuano, performs a hands-on demonstration of a live incident response against a compromised environment using nothing but the free and open source Velociraptor agent. Gain exposure to this incredibly powerful tool and many of its most common use-cases for IR, including use of notebooks for analysis and enrichment. 

Comments

Really excellent talk with so much information. Great to see Velociraptor wielded by such a skillful defender! A must watch presentation for any Blue Teamer or defender out there!

velocidexenterprises

Your radar is awesome Eric 🎉 Unbelievable Incident response Demo ⚔️

whoamisecurity

Don't know what more motivation is needed to use this awesome tool - for FREE! Thank you Eric C for sharing invaluable experience for FREE & Mike C for sharing this tech for FREE 👑🙌

rpt

Absolutely incredible and in-depth demo! The pacing, the contents are all great! Bravo Eric!

edwardwhite

Incredible demo showing how Velociraptor truly takes IR capabilities to a whole other level! This is a game changer! The only thing missing was did the threat actor actually exfil those plans to the death star :) Thank you for this great insight! I have a new lab to build post haste!

gerarddunphy

This was amazing. I just started learning about Velociraptor recently and have much to learn. This video was extremely helpful.

KenPryor

I heard about this at the NCFI and started using it. Cedarpelta was the one I used to use. Greetings from LaredoTx.

rolyperez

This was so awesome!!! I could have watched this for hours. Motivated me so much to get my hands on this. Do you have more stuff like this? I'm hungry to learn! Thank you for the video

getoutmore

Hey - I really liked the video and the demos you gave on Velociraptor! 🙂
At the end of the video you mention that this demo was part of a SANS class. Would you mind disclosing which SANS course this was part of?

christophernst

Really great structured information. Thanks. How to integrate Hayabusa in hunt profile????

shamshoque

Well done live hunt. Thanks for sharing.

dananderson

Great Demo Eric. Excellent example and a great presentation. Thanks, appreciated!

mitchimpey

Awesome, impressed :)
How about if the adversary does the cleanup while doing lateral movement?

MuhammadImran-xufw

This is so cool, I hope to work for a company that uses this some day.

PrinterJamOnToast

What an amazing video! Thanks for all the info, really useful!

Impact_Creativity

Great stuff! Thank you. Have you thought about releasing the collected data so that we can play with it in our own Velociraptor server?

holeraholera

Hi, thanks for the great video. I have a question.
How is the shellcode decrypted, and which component will decrypt it?

aliakbar

This is awesome
Really in-depth analysis
Just had one question: where can I find this data or the malware? Is there a repository you have used for this?

sirisiri

Wow, such a cool talk. Does Velociraptor have to be implemented with a single network? Is there a way to have Velociraptor clients from different networks communicate with a single server?

clomok

How did you prepare the demo environment with more than 60 workstations? Is that a simulator tool? Awesome talk, by the way, and thank you!

clasherbak