YoVDO

Velociraptor - Dig Deeper in Linux

Offered By: linux.conf.au via YouTube

Tags

linux.conf.au Courses, Digital Forensics Courses, Incident Response Courses, Threat Detection Courses, Linux Security Courses

Course Description

Overview

Explore the powerful open-source DFIR framework Velociraptor in this 46-minute conference talk from linux.conf.au 2022. Dive into Velociraptor's flexible query language VQL and learn how to implement novel detection methods, hunt for compromises, and automate response needs across large enterprise networks. Discover techniques for investigating and monitoring Linux host security, including hunting for SSH keys, detecting webshells through process analysis, and building sophisticated alerting systems for process execution chains and network connections. Gain insights into real-time endpoint monitoring, bash instrumentation, and scalable incident response strategies. Perfect for security professionals and system administrators looking to enhance their Linux security toolkit and incident response capabilities.

Syllabus

Introduction
Overview
What is Velociraptor
What Velociraptor looks like
Velociraptor efficiency
VQL
VQL artifacts
Example
SSH logs
Grok
Notebook
Recap
Artifact
Hunt
Unsecured SSH Keys
Parse Private Keys
Binary Format
Parser
Search
Carving
Event Monitoring
Streaming Queries
Event Queries
Watch syslog
Sysmon
Taught by

linux.conf.au
