Posts tagged Velociraptor

8 min Velociraptor

Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor

In this post, we explore the structure of LNK files using Velociraptor, our open-source digital forensics and incident response (DFIR) tool.

2 min Velociraptor

Enhancing Velociraptor with the Cado Security Platform

Velociraptor is a robust open-source tool designed for collecting and querying forensic and incident response artifacts across various endpoints. This powerful tool allows incident responders to effortlessly gather data from remote systems, regardless of their location.

11 min Velociraptor

Velociraptor 0.7.2 Release: Digging Deeper than Ever with EWF Support, Dynamic DNS and More

Rapid7 is very excited to announce that version 0.7.2 of Velociraptor is now fully available for download. In this post we’ll discuss some of the interesting new features.

7 min Velociraptor

How To Hunt For UEFI Malware Using Velociraptor

UEFI threats have historically been limited in number and mostly implemented by nation-state actors as stealthy persistence. However, the recent proliferation of Black Lotus on the dark web, Trickbot enumeration module (late 2022), and Glupteba (November 2023) indicates that this historical trend may be changing. With this context, it is becoming important for security practitioners to understand visibility and collection capabilities for UEFI threats.

10 min Velociraptor

Velociraptor 0.7.1 Release

Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities that add to the power and efficiency of this open-source digital forensic and incident response (DFIR) platform.

1 min Velociraptor

CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross-site scripting vulnerability.

8 min Research

Little Crumbs Can Lead To Giants

This blog offers a deep dive into the world of Shell Link files (LNK) and Virtual Hard Disk files (VHD).

4 min Detection and Response

What’s New in Rapid7 Detection & Response: Q3 2023 in Review

Rapid7 has updated its Detection and Response offerings with advanced DFIR capabilities, custom detection rules, log search features, and more.

5 min Velociraptor

Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library

Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download.

2 min Velociraptor

Join us for VeloCON 2023: Digging Deeper Together!

Rapid7 is thrilled to announce that the 2nd annual VeloCON: Digging Deeper Together virtual summit will be held this September 13th at 9 am ET.

10 min Velociraptor

Velociraptor 0.6.9 Release: Digging Even Deeper with SMB Support, Azure Storage and Lockdown Server Mode

Rapid7 is very excited to announce version 0.6.9 of Velociraptor is now LIVE and available for download.

2 min DFIR

VeloCON 2023: Submissions Wanted!

Our 2nd annual VeloCON virtual summit will be held this September, and the call for presentations closes Monday, July 17, 2023.

9 min DFIR

The Velociraptor 2023 Annual Community Survey

Rapid7's Velociraptor team distributed our first community survey in early 2023. Here's what we learned!

6 min Velociraptor

Automating Qakbot Detection at Scale With Velociraptor

This blog offers a practical methodology to extract configuration data from recent Qakbot samples.

5 min Open Source

Velociraptor Version 0.6.8 Available Now

Velociraptor update delivers new client-server communication protocol, VFS GUI, and performance upgrades.