Overview
Explore Velociraptor, an open-source platform for collecting forensic evidence and responding to incidents across distributed computer networks, in this hands-on lab from linux.conf.au 2020. Learn to configure and deploy Velociraptor servers and agents, collect and examine evidence from test networks, and investigate real-life scenarios. Discover how to use the Velociraptor Query Language (VQL) to write custom hunts, and understand the deployment options, interface elements, and management features needed for large-scale use. Gain practical experience searching for evidence of lateral movement, hunting for backdoors and attacker indicators of compromise (IOCs), and implementing continuous security monitoring on endpoints. The lab focuses on Linux systems while also covering Velociraptor's support for Windows and macOS.
Syllabus
Introduction
What is Velociraptor
Download Velociraptor
What makes Velociraptor interesting
Velociraptor overview
Configuration
Testing
Servers
Deployment
Interactive
Virtual File System
Determining User Activity
High-Level Questions
Encoding Expert Information
Artifacts
Collect Artifacts
Scenario
SSH logs
Taught by
linux.conf.au