One of the most critical sources of data when responding to an incident on windows systems is the event logs. Read below to explore the windows event log system and see how Velociraptor can be used to work around its limitations. buff.ly/3UkIx6P

The next Black Hat USA will be here before you know it! Register for our Velociraptor hands-on training today and get a $600 discount off the registrations fees. You won't want to miss it. buff.ly/3IV3L5E

Registration is now open for Rapid7's Take Command, a day-long virtual summit in partnership with AWS. You do not want to miss it. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more. buff.ly/49PMXbn

If you are a regular user, you'll no doubt have noticed new features since v0.7.1 that extend forensic capabilities on various systems. Nathanael Ndong shows us how to leverage those new features to perform forensic analysis of a VMware ESXi hypervisor. buff.ly/3W9l6Ql

📣 Velociraptor v0.7.2 is now live! The long-awaited release is highlighted by EWF support, dynamic DNS, improved SSH access, secrets management & much more. Read up on all the exciting new features and download it today: r-7.co/3Uk9YNN

I was so excited about the new 0.72 release of Velociraptor I just could not wait to make a quick video to show you all the new features! #velociraptor #dfir #digitalforensics Check it out here youtube.com/watch?v=FwmFYm…

The incident started with a compromised server. When we extended the hunting to the entire network, we found traces of the "WayBack" campaign on a computer, which Yoroi documented almost exactly three years ago [1]. We also found the exact same code as in the blog on

Quick and dirty VQL to search for hosts potentially vulnerable to #OpenSSH #regreSSHion 🐛#CVE20246387 in Velociraptor #velociraptor🔍🦖 gist.github.com/weslambert/589… Use when hunting with with Linux.Debian.Packages and Linux.RHEL.Packages docs.velociraptor.app/artifact_refer… #DFIR #Infosec

Great example of VQL automation!

I recently conducted a Rapid incident Response utilizing Velociraptor session. Here is the session notes with some VQLs that can be utilized in IR cases github.com/0xAnalyst/IRSe… #IncidentResponse #Velociraptor #ThreatHunting

Eric Capuano - Bsky: @eric.zip rocking the Velociraptor content on Day 3! Students getting ready to hunt all the things. Day 3 Black Hat starting strong!

Velociraptor release 0.73 is now available for testing! Read about all the cool new features here docs.velociraptor.app/blog/2024/2024… . An exciting new feature is built in timelining capability. Check the blog post here docs.velociraptor.app/blog/2024/2024…

day 1 of THVR Wild West Hackin' Fest training off to a great start 🦖🤓🔥

Wrapping up day 2 of THVR Wild West Hackin' Fest 😎 Every time, Eric Capuano - Bsky: @eric.zip makes this stuff look like a breeze Fun side effects of running our Velociraptor trainings - they almost always result in our team contributing back to Velociraptor 🔥🦖💙 PRs incoming!

I've recently built a Velociraptor #velociraptor VQL artifact to support Linux forensics. This artifact collects metadata about open file descriptors (other files, sockets, etc) from active processes on a Linux system. #dfir docs.velociraptor.app/exchange/artif…

Do you use Velociraptor? 😎🦖 Want to learn more? Our course is for security analysts, SOC team members, incident responders, and cybersecurity professionals looking to enhance their threat hunting skills 🔥 Register for THVR Wild West Hackin' Fest here: wildwesthackinfest.com/wild-west-hack…

🚀 I’ve done lot of work on LNK file collection and automated analysis, and I recently updated the publicly available LNK parser in Velociraptor - Windows.Forensics.Lnk. This post Walks through the structure of LNK files and demonstrates some advanced analysis techniques.

Analysts can overlook lesser-known data points during LNK forensics for cyber threat intelligence, missing valuable insights. 🔍 Explore the structure of LNK files using Velociraptor with analysis techniques used by Rapid7 Labs ⤵️ r-7.co/4ehleme

Looking forward to speaking on a panel at the Rapid7 Take Command Summit. Register for free below as we talk about between pen testing, red teaming and the benefits of running regular security exercises. rapid7.brighttalk.com/?utm_source=re…

At AUSCERT conference we presented "Sigma and Detection Engineering with Velociraptor Velociraptor". Learn how to implement real time Sigma detection with forensic enhancements. Full presentation youtube.com/watch?v=3EBrpF… and slides docs.velociraptor.app/presentations/…