At @AusCERT conference we presented "Sigma and Detection Engineering with @velocidex Velociraptor". Learn how to implement real time Sigma detection with forensic enhancements. Full presentation and slides

RT @Stealthsploit: Looking forward to speaking on a panel at the @rapid7 Take Command Summit. Register for free below as we talk about be….

RT @chrisdfir: I've recently built a @velocidex #velociraptor VQL artifact to support Linux forensics. This artifact collects metadata abou….

RT @DDI_Training: Do you use @velocidex? 😎🦖 Want to learn more?. Our course is for security analysts, SOC team members, incident responders….

RT @mgreen27: 🚀 I’ve done lot of work on LNK file collection and automated analysis, and I recently updated the publicly available LNK pars….

RT @rapid7: Analysts can overlook lesser-known data points during LNK forensics for cyber threat intelligence, missing valuable insights. 🔍….

RT @shortxstack: day 1 of THVR @WWHackinFest training off to a great start 🦖🤓🔥

RT @DDI_Training: Wrapping up day 2 of THVR @WWHackinFest 😎. Every time, @eric_capuano makes this stuff look like a breeze . Fun side effec….

Velociraptor release 0.73 is now available for testing! Read about all the cool new features here . An exciting new feature is built in timelining capability. Check the blog post here

RT @_bromiley: @eric_capuano rocking the @velocidex content on Day 3! Students getting ready to hunt all the things. Day 3 @BlackHatEvents….

RT @0xanalyst: I recently conducted a Rapid incident Response utilizing @velocidex session. Here is the session notes with some VQLs that c….

RT @malmoeb: The incident started with a compromised server. When we extended the hunting to the entire network, we found traces of the "Wa….

Great example of VQL automation!.

RT @therealwlambert: Quick and dirty VQL to search for hosts potentially vulnerable to #OpenSSH #regreSSHion 🐛#CVE20246387 in @velocidex #….

RT @scudette: I was so excited about the new 0.72 release of Velociraptor I just could not wait to make a quick video to show you all the n….

📣 Velociraptor v0.7.2 is now live!. The long-awaited release is highlighted by EWF support, dynamic DNS, improved SSH access, secrets management & much more. Read up on all the exciting new features and download it today:

If you are a regular user, you'll no doubt have noticed new features since v0.7.1 that extend forensic capabilities on various systems. Nathanael Ndong shows us how to leverage those new features to perform forensic analysis of a VMware ESXi hypervisor.

Registration is now open for Rapid7's Take Command, a day-long virtual summit in partnership with AWS. You do not want to miss it. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more.

The next @BlackHatEvents USA will be here before you know it! Register for our Velociraptor hands-on training today and get a $600 discount off the registrations fees. You won't want to miss it.

One of the most critical sources of data when responding to an incident on windows systems is the event logs. Read below to explore the windows event log system and see how Velociraptor can be used to work around its limitations.