Velociraptor – Digging Deeper – Mike Cohen, Wes Lambert – PSW #711
Velociraptor is a multi-platform, open-source, endpoint forensics, monitoring, and response platform that allows security professionals to quickly and easily dig through host artifacts and perform detection and response at scale.
It’s fast, precise, powerful … and free. It also supports Linux, Windows and MacOS. Velociraptor is a unique tool since it offers a query language so that users may query their endpoint flexibly in response to new threat information.
In this session, we'll discuss the key components of Velociraptor, and how it can be leveraged to improve endpoint security and visibility and facilitate rapid response to large networks.
Segment Resources:
Please visit our documentation site where you can learn about Velociraptor https://docs.velociraptor.app/
Announcements
InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!
Guests
Mike is a digital forensic researcher and senior software engineer. He has been building cutting edge open source digital forensic software for over 2 decades. In 2018 Mike founded the Velociraptor project – an advanced open source endpoint visibility platform. Mike has joined Rapid 7 in 2021 to continue work on velociraptor and the wider open source DFIR community.
Information Security professional with experience in:
> Incident Response
> Identity and Access Management
> Mobile Security
> Network Security Monitoring
> Policy and Program Development
> Vulnerability Management
> Web Access Management