From the course: Complete Guide to Open Source Security
Hunting with Velociraptor
- [Instructor] The true power of Velociraptor is that it can query thousands of endpoints as easily as it can query a single host. We're certainly not going to see this power with just three clients, but let's see what we can do with it. Velociraptor has its own VQL query language, which we can use to search our hosts, and it comes with a number of preexisting queries, which we can use. If we click the menu hamburger and the hunt manager and we press the plus symbol to start a new hunt, we'll give this a description of checking SSH logins and we'll leave the default as run everywhere. We'll check the start hunt immediately box, and this will run the hunt as soon as we launch it. If we don't check this, we can prepare our hunts and then run them when we are ready to do that. We can see that all three of our clients are affected. We can now move on to select artifacts. We've got three major categories of preexisting searches here, generic, Linux and Windows. For this query, we'll scroll…
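As an added example that is not part of the course and not Velociraptor's own VQL or artifact code, here is a stand-alone Python stand-in for what a "check SSH logins" hunt collects when it fans out over several clients: constructed auth.log lines for three hypothetical hosts are parsed into login events and then summarised the way a hunt result view would be triaged.

```python
import re
from collections import Counter

# Constructed auth.log excerpts standing in for three hunt clients (not real data).
SAMPLE_LOGS = {
    "web-01": [
        "Mar  3 10:01:12 web-01 sshd[812]: Accepted publickey for deploy from 10.0.0.5 port 50122 ssh2",
        "Mar  3 10:02:40 web-01 sshd[815]: Failed password for root from 203.0.113.9 port 40001 ssh2",
        "Mar  3 10:02:43 web-01 sshd[815]: Failed password for root from 203.0.113.9 port 40002 ssh2",
    ],
    "db-01": [
        "Mar  3 10:05:01 db-01 sshd[301]: Accepted password for alice from 10.0.0.7 port 51000 ssh2",
        "Mar  3 10:06:11 db-01 sshd[305]: Failed password for invalid user admin from 203.0.113.9 port 40010 ssh2",
    ],
    "win-01": [],  # a client with no sshd entries still takes part in the hunt
}

# Matches the standard OpenSSH "Accepted"/"Failed" audit lines, including "invalid user" attempts.
SSH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port (?P<port>\d+)"
)


def parse_ssh_logins(hostname, lines):
    """Return one dict per SSH login attempt found in a single host's auth log."""
    events = []
    for line in lines:
        m = SSH_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["host"] = hostname
            ev["invalid_user"] = "invalid user" in line
            events.append(ev)
    return events


def hunt_ssh_logins(logs):
    """Run the parser over every client, like a hunt fanning out across endpoints."""
    return [ev for host, lines in logs.items() for ev in parse_ssh_logins(host, lines)]


def failed_by_source(events):
    """Count failed logins per source IP across all hosts, a typical first triage view."""
    return Counter(ev["ip"] for ev in events if ev["result"] == "Failed")


if __name__ == "__main__":
    results = hunt_ssh_logins(SAMPLE_LOGS)
    for ev in results:
        print(f"{ev['host']:7} {ev['result']:8} {ev['user']:8} from {ev['ip']}")
    print("failed logins by source:", dict(failed_by_source(results)))
```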
Contents
- Installing the IRIS incident management system (2m 8s)
- Managing incidents with IRIS (5m 44s)
- Installing Velociraptor (6m 40s)
- Connecting Linux hosts to Velociraptor (5m)
- Connecting Windows hosts to Velociraptor (2m 16s)
- Running commands remotely from Velociraptor (59s)
- Accessing client files with VFS (2m 30s)
- Hunting with Velociraptor (5m 44s)