Mass Digital Forensics & Incident Response with Velociraptor


Thanks to @iamkingsage8571 for contributing timestamps!

00:00 Introduction
01:08 Velociraptor VFS
04:05 Artifacts & Automation w/ VQL
06:16 Sigma Rule matching w/ Hayabusa
07:20 Waiting on Hayabusa to finish scan.
09:20 How does Hayabusa compare to Chainsaw?
10:40 Parsing Hayabusa Findings
13:40 PsTree Attempt 1 w/ PsList
17:55 PsTree Attempt 2 w/Velociraptor Process Tracker
19:50 Velociraptor Process Tracker
22:35 PSExec Change in v2.30 & How to look for the usage of PSExec
25:25 Why this is useful and an example use case
26:10 PowerShell Artifacts
27:30 Bits Transfer Artifact
28:50 How to hunt for multiple compromised machines.
30:40 Parsing the Results using VQL
33:20 Demo Conclusion

🔥 YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
Comments
Author

0:00 Introduction
1:08 Velociraptor VFS
4:05 Artifacts & Automation w/ VQL
6:16 Sigma Rule matching w/ Hayabusa
7:20 Waiting on Hayabusa to finish scan.
9:20 How does Hayabusa compare to Chainsaw?
10:40 Parsing Hayabusa Findings
13:40 PsTree Attempt 1 w/ PsList
17:55 PsTree Attempt 2 w/Velociraptor Process Tracker
19:50 Velociraptor Process Tracker
22:35 PSExec Change in v2.30 & How to look for the usage of PSExec
25:25 Why this is useful and an example use case
26:10 PowerShell Artifacts
27:30 Bits Transfer Artifact
28:50 How to hunt for multiple compromised machines.
30:40 Parsing the Results using VQL
33:20 Demo Conclusion

iamkingsage
Author

That new psexec...key with the source is HUGE

christophertharp
Author

I recently set up a Velociraptor server at home and installed agents on all my virtual machines. I still have much to learn, but I love it so far. I still have to dive into VQL so I can write my own artifacts.

KenPryor
Author

I always wanted to try out Velociraptor but never had a chance, thank you! I normally use Binalyze AIR for mass DFIR; I will watch this with my full attention 😊

mindtropy
Author

John, please use timestamps, it will be helpful 😊

Love-yvfc
Author

Hi guys, awesome demo and product! It would be so great to see you guys working together with the open-source tool Elastic in order to integrate with each other!

JonathanLuticia
Author

I used the tool for a long time, it's amazing! Unfortunately I don't do hunts anymore, which I would love to get back to :)

HitemAriania
Author

Timestamps would be better. But amazing video 🔥.

squid
Author

Hello. Have you experienced small customers installing Velociraptor? I'm asking because we did a POC for a start-up company and now they wish to deploy it in production.

ericmoore
Author

Is part 2 of this video available on YouTube?

SlingerJames
Author

Can you consider making an updated "setup a hacking lab" video?
Pros and cons of virtual machines on a local hypervisor vs., for instance, VPS and cloud VMs, etc.

Headht
Author

I want to learn about digital forensics on macOS and malware analysis. Does anyone know any good courses (free) or cheap certs, courses, or resources, please?

Yorak