Velociraptor – Digging Deeper – Mike Cohen, Wes Lambert – PSW #711

Velociraptor is a multi-platform, open-source, endpoint forensics, monitoring, and response platform that allows security professionals to quickly and easily dig through host artifacts and perform detection and response at scale.

It’s fast, precise, powerful … and free. It also supports Linux, Windows and macOS. Velociraptor is a unique tool since it offers a query language so that users may query their endpoints flexibly in response to new threat information.

In this session, we'll discuss the key components of Velociraptor, and how it can be leveraged to improve endpoint security and visibility and facilitate rapid response across large networks.

Segment Resources:

Please visit our documentation site, where you can learn about Velociraptor: https://docs.velociraptor.app/


Guests

Mike Cohen
Digital Paleontologist at Rapid7

Mike is a digital forensic researcher and senior software engineer. He has been building cutting-edge open source digital forensic software for over 2 decades. In 2018 Mike founded the Velociraptor project – an advanced open source endpoint visibility platform. Mike joined Rapid7 in 2021 to continue work on Velociraptor and the wider open source DFIR community.

Wes Lambert
Principal Engineer at Security Onion Solutions, LLC

Information Security professional with experience in:

  • Incident Response
  • Identity and Access Management
  • Mobile Security
  • Network Security Monitoring
  • Policy and Program Development
  • Vulnerability Management
  • Web Access Management

Hosts

Paul Asadoorian
Founder at Security Weekly

Doug White
Professor at Roger Williams University

Larry Pesce
Principal Managing Consultant and Director of Research & Development at InGuardians

Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory

Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element