Hey, this is really cool. went over velociraptor in a couple of my sans courses and needed it for an assignment I'm doing right now. ty, <33

Hey - I really liked the video and the demos you gave on Velociraptor! 🙂 In the end of the Video you mention that this demo was part of a SANS class. Would you mind disclosing which SANS course this was part from?

Your radar is awesome Eric 🎉 Unbelievable Incident response Demo ⚔️

Dude your videos are a hidden gem, like the old internet

Simply wow

wow

Really great structured information. Thanks. How to integrate hyabusa in hunt profile????

Incredible demo showing how Velociraptor truly takes IR capabilities to a whole other level! This is a game changer! The only thing missing was did the threat actor actually exfil those plans to the death star :) Thank you for this great insight! I have a new lab to build post haste!

Amazing stuff :D

Thanks a lot for such detailed explanation

Hi, thanks for the great video. I have a question. How the shellcode is decrypted and which component will decrypt it?

Great stuff! Thank you. Have you thought about releasing the collected data so that we can play with it in our own velociraptor server?

So I'm currently a windows system administrator and I've been in IT for about 7 years now. I'm looking to pivot into cybersecurity as an entry level SOC Analyst. Would you say this video is a good representation of what a brand new SOC Analyst would do right away or would you build up to this level of knowledge over time?

Absolutely incredible and in-depth demo! The pacing, the contents are all great! Bravo Eric!

I heard about this at the NCFI and started using it. Cederpelta was the one i used to use. Greetings from LaredoTx.

This was amazing. I just started learning about Velociraptor recently and have much to learn. This video was extremely helpful.

how to install OpenSOC on ubuntu?

Good video

Good job!

How did you prepared the demo environment with more than 60 workstations? is that a simulator tool? awsome talk by the way and thank you!

Great talk thanks

Wow! Incredible video, thank you!

This is awesome Really in-depth analysis Just had one question where can I find this data or the malware ? Is their a repository you have used for this ?

Issues that I see with this: 1. This seems to rely on AD GPO (or some sort of deployment tool), these days people are also using Macs and *inux so you might not get all the coverage. Secondly on this point is if GPO is disabled at the AD / workstation level then this too is rendered useless. 2. I personally don't know of one analyst that knows VQL let alone SQL 3. The UI is 🤮 4. Tools like Crowdstrike kinda do this using ML/AI without all the manual stuff 5. Dropping session seems quite POCCY to me 6. A lot of this stuff can be done using windows remote management in a scripted way

what an amazing video! thanks for all the info, really usefull!

This was so awesome!!! I could have watched this for hours. Motivated me so much to get my hands on this. Do you have more stuff Like this? Im hungry to learn! Thanks you for the Video

Thanks a lot dude. It would be really nice to upload more scenarios like this one. <3

Hello sir i need your mail or whatsapp for help

Awesome, impressed :) How about if the adversary does the cleanup while doing lateral movement?

32:54 😂

As a prospective blueteamer, this is very valuable. Only issue is having access to the tools to get the experience.

Dont know what more motivation is needed to use this awesome tool - for FREE! Thank you Eric C for sharing invaluable experience for FREE & Mike C for sharing this tech for FREE 👑🙌

Well done live hunt. thanks for sharing.

Wow, such a cool talk. Does velociraptor have to be implemented with a single network? Is there a way to have velociraptor clients from different networks communicate with a single server?

wait @23:39 , if a user login , will 4624 stored in the AD on in his/her PC.

This is so cool, I hope to work for a company that uses this some day.

Really excellent talk with so much information. Great to see Velociraptor wielded by such a skillful defender! A must watch presentation for any Blue Teamer or defender out there!

Great Demo Eric. Excellent example and a great presentation. Thanks, appreciated !

Thank you!

Looks like you could’ve gone for “under 15 minutes” 😂 nice content. I don’t know how there are not more subscribed!

This was very helpful! Hopefully you can do more videos like this to teach us! If you know of other resources that can bring to light the research process I would like to learn more. Thank You!

Is there any kind of simulated environment that someone could use to practice this type of SOC analysis?

@32:11 why when loading CyberChef in Moloch, did it say 'Mining Bitcoin Cash', as CC was loading? Also, this was a fantastic scenario walkthrough.

Super useful...is SOC Analyst an entry level in Cybersecurity field?

Hey, great video. Is it somehow possible to exports the logs from a particular stream and for a particular timeframe from the console?

nice video, really interesting to learn!

This is criminally under viewed for soc analyst applicants. Good content. Subbed.

This is awesome ! do you mind sharing the eradication script pls

What's your thoughts on Splunk vs Graylog?

I thought you said you have no degree or certification, that is not true