FREE Incident Response With Velociraptor

Intro

  • Reconstruct attacker activities through digital forensic analysis
  • Hunt for evidence of sophisticated adversaries
  • Investigate malware outbreaks and other suspicious network activities
  • Monitor continuously for suspicious user activities, such as files copied to USB devices
  • Discover whether disclosure of confidential information occurred outside the network
  • Gather endpoint data over time for use in threat hunting and future investigations

Velociraptor Server Install

  1. Grab the binary:
wget https://github.com/Velocidex/velociraptor/releases/download/v0.6.4-2/velociraptor-v0.6.4-2-linux-amd64
chmod +x velociraptor-v0.6.4-2-linux-amd64
./velociraptor-v0.6.4-2-linux-amd64 config generate -i
./velociraptor-v0.6.4-2-linux-amd64 --config server.config.yaml debian server --binary velociraptor-v0.6.4-2-linux-amd64
dpkg -i velociraptor_0.6.4-2_server.deb
systemctl status velociraptor_server
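As an added example, not from the original post, the script below wraps the server install sequence above in a POSIX shell function with the checks an operator usually wants around it: a root check (dpkg and systemctl need it), a sanity check on the downloaded binary before it is executed, config generation only when server.config.yaml is absent, and a hard failure if the package was not produced or the service is not active afterwards. It assumes the release binary follows the velociraptor-vX.Y.Z-N-linux-amd64 naming and the generated package follows the velociraptor_X.Y.Z-N_server.deb naming shown in the post; neither pattern is documented on the page itself.

```shell
#!/bin/sh
# Added example, not from the original post: wraps the server install steps
# with the checks an operator usually wants around them.
# Assumptions (not stated on the page): the release binary is named
# velociraptor-vX.Y.Z-N-linux-amd64 and the generated package is named
# velociraptor_X.Y.Z-N_server.deb, matching the filenames the post shows.
set -eu

# Derive the .deb filename that "debian server" / "debian client" writes from the
# release binary name, so the dpkg step cannot silently install the wrong file:
#   velociraptor-v0.6.4-2-linux-amd64 + server -> velociraptor_0.6.4-2_server.deb
deb_name_for() {
  binary="$1"
  role="$2"
  ver="${binary#velociraptor-v}"   # -> 0.6.4-2-linux-amd64
  ver="${ver%-linux-*}"            # -> 0.6.4-2
  printf 'velociraptor_%s_%s.deb\n' "$ver" "$role"
}

# Refuse to use a download that is not a regular executable file or that does
# not answer "velociraptor version"; a truncated or wrong-architecture download
# fails here instead of half-way through config generation.
binary_looks_sane() {
  binary="$1"
  [ -f "$binary" ] || return 1
  [ -x "$binary" ] || return 1
  "./$binary" version >/dev/null 2>&1
}

# The post's install sequence with a root check, idempotent config generation,
# a check that the expected package exists, and a check that the service is up.
install_server() {
  binary="$1"
  deb="$(deb_name_for "$binary" server)"
  [ "$(id -u)" -eq 0 ] || { echo "install_server: run as root" >&2; return 1; }
  binary_looks_sane "$binary" || { echo "install_server: $binary failed sanity check" >&2; return 1; }
  [ -f server.config.yaml ] || "./$binary" config generate -i
  "./$binary" --config server.config.yaml debian server --binary "$binary"
  [ -f "$deb" ] || { echo "install_server: expected $deb was not produced" >&2; return 1; }
  dpkg -i "$deb"
  systemctl is-active --quiet velociraptor_server
}

# Usage: sh install_velociraptor.sh --install velociraptor-v0.6.4-2-linux-amd64
if [ "${1:-}" = "--install" ]; then
  install_server "${2:-velociraptor-v0.6.4-2-linux-amd64}"
fi
```

Run it from the directory holding the downloaded binary; deb_name_for is also usable for the client package (role "client") built in the next section.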

Velociraptor Client Install

Linux

# velociraptor-v0.6.4-2-linux-amd64 --config client.config.yaml debian client
scp velociraptor_0.6.4-2_client.deb 5.161.107.5:/tmp/
dpkg -i velociraptor_0.6.4-2_client.deb
# velociraptor-v0.6.4-2-linux-amd64 --config client.config.yaml rpm client

Windows

  1. Download the Velociraptor repository to a Windows host. Specifically, you need to copy the appropriate custom XML file and build batch file from the docs/wix directory into a new working directory on your host.

Running A Hunt

Conclusion

Need Help?


SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).
