Velociraptor v0.7.2 is now live! The long-awaited release is highlighted by EWF support, dynamic DNS, improved SSH access, secrets management & much more. Read up on all the exciting new features and download it today: https://r-7.co/3Uk9YNN
Velociraptor DFIR
Computer and Network Security
An advanced digital forensic and incident response tool for your organization's endpoints, powered by Rapid7
About us
Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform. It was developed by Digital Forensic and Incident Response (DFIR) professionals who needed a powerful and efficient way to hunt for specific artifacts and monitor activities across fleets of endpoints. Velociraptor provides you with the ability to more effectively respond to a wide range of digital forensic and cyber incident response investigations and data breaches such as:
- Reconstructing attacker activities through digital forensic analysis
- Hunting for evidence of sophisticated adversaries
- Investigating malware outbreaks and other suspicious network activities
- Monitoring continuously for suspicious user activities, such as files copied to USB devices
- Discovering whether disclosure of confidential information occurred outside the network
- Gathering endpoint data over time for use in threat hunting and future investigations

Velociraptor’s power and flexibility comes from the Velociraptor Query Language (VQL). VQL is a framework for creating highly customized artifacts, which allow you to collect, query, and monitor almost any aspect of an endpoint, groups of endpoints, or an entire network. It can also be used to create continuous monitoring rules on the endpoint, as well as automate tasks on the server.

Follow us on social media:
- Twitter: @velocidex
- LinkedIn: www.dhirubhai.net/company/velociraptor-dfir
- Discord: docs.velociraptor.app/discord/
- GitHub: github.com/Velocidex/velociraptor
- Website
- https://docs.velociraptor.app/
- Industry
- Computer and Network Security
- Company size
- 2-10 employees
- Headquarters
- ?
- Type
- Public Company
- Specialties
- DFIR, Cybersecurity, Detection & Response, and Endpoint Management
Updates
-
If you are a regular Velociraptor user, you'll no doubt have noticed the introduction of new features since release 0.7.1 that extend its forensic capabilities on various systems. Here's a great write-up from Nathanael Ndong on how to leverage those new features in order to perform forensic analysis of a VMware ESXi hypervisor.
-
Registration is now open for Rapid7's Take Command, a day-long virtual summit in partnership with AWS. You do not want to miss it. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more. https://buff.ly/4aAXCrD
-
The next Black Hat USA will be here before you know it! Register for our Velociraptor hands-on training today and get a $600 discount off the registration fees. You won't want to miss it. https://buff.ly/3IV3L5E
-
One of the most critical sources of data when responding to an incident on Windows systems is the event logs. Windows event logs record security-significant events. However, unlike more traditional Unix syslogs, the Windows Event Log system is more complex and there are a number of potential problems that an investigator can run into. Read below to explore the Windows event log system from the point of view of the investigator and see how Velociraptor can be used to work around its limitations. https://buff.ly/3UkIx6P
-
Save Your Spot! Take Command: 2024 Cybersecurity Summit

Rapid7 is hosting Take Command, a virtual summit on May 21, 2024 across every region and every timezone around the globe. Take Command will bring together a leading group of researchers, practitioners, and cybersecurity experts to share the latest in attacker analysis, emergent technologies, and SOC management. You’ll get a glimpse into the Rapid7 security operations center, and see how MDR services break down silos and build cyber resilience. All with takeaways you can implement right now. If you’re ready to take command of your cybersecurity, join us: https://buff.ly/3TTBUbg
-
It's never too early to start planning for Black Hat USA 2024 and the Velociraptor training workshop! This hands-on module will cover at a high level the basics of modern forensic analysis techniques and how Velociraptor can help you achieve your goals. Sign up today and save $600 on the registration fees! https://buff.ly/3IV3L5E
-
The release candidate for Velociraptor 0.7.2 is now available for download and testing! EWF support, updates to the SSH accessor, secrets management, GUI improvements and other notable features make up just some of the new changes in this version. Download it today and take it for a spin. Be sure to log any bugs or issues on our GitHub page below. https://buff.ly/4cnQ9gL
-
In the 0.7.1 release, Velociraptor has an SSH accessor which allows all plugins that normally use the filesystem to transparently use SSH instead. This helps with devices on the network that cannot install an endpoint agent - either because the operating system is not supported (for example embedded versions of Linux) or due to policy. Learn more at: https://lnkd.in/edyf4NqU
-
Sigma rules can be used on more than just log files. The Velociraptor Sigma project also provides monitoring rules that can be used on live systems for real time monitoring. Read more at: https://lnkd.in/edyf4NqU