
Velociraptor - Dig Deeper in Linux

linux.conf.au via YouTube

Overview

Explore the powerful open-source DFIR framework Velociraptor in this 46-minute conference talk from linux.conf.au 2022. Dive into Velociraptor's flexible query language VQL and learn how to implement novel detection methods, hunt for compromises, and automate response needs across large enterprise networks. Discover techniques for investigating and monitoring Linux host security, including hunting for SSH keys, detecting webshells through process analysis, and building sophisticated alerting systems for process execution chains and network connections. Gain insights into real-time endpoint monitoring, bash instrumentation, and scalable incident response strategies. Perfect for security professionals and system administrators looking to enhance their Linux security toolkit and incident response capabilities.

Syllabus

Introduction
Overview
What is Velociraptor
What Velociraptor looks like
Velociraptor efficiency
VQL
VQL artifacts
Example
SSH logs
Grok
Notebook
Recap
Artifact
Hunt
Unsecured SSH Keys
Parse Private Keys
Binary Format
Parser
Search
Carving
Event Monitoring
Streaming Queries
Event Queries
Watch syslog
Sysmon

Taught by

linux.conf.au
