FREE Cybersecurity Tool: Velociraptor (Step-By-Step Guide)

6,422 views

MyDFIR

A day ago

🔍 Learn how the cybersecurity tool Velociraptor excels at collecting and analyzing endpoint data, aiding in the detection of and response to security incidents, from its intuitive interface to customizable queries and powerful plugins. I'll walk you through how to set up this tool step by step.
🕒 TIMELINE
00:00 - Intro
00:35 - Velociraptor Introduction
01:38 - Demo
09:43 - Install Client

Comments: 41
@calmklods 7 months ago
Another great video, thank you MyDFIR! Keep it up, really appreciate what you are doing and how it helps me in my learning and path into Cyber Security :) Happy holidays to you!
@MyDFIR 7 months ago
Great to hear! Will do ❤️
@KenPryor 7 months ago
Great intro to Velociraptor. I've been using it in my homelab for quite a while and finally convinced my boss a few months ago to let me set it up at work. It's been so great having it for investigative as well as general IT purposes.
@MyDFIR 7 months ago
Thanks! I absolutely love Velociraptor and used it in real-world environments. I am happy you convinced your boss because this tool is awesome!!
@KenPryor 7 months ago
@MyDFIR I'm currently working as the IT guy at a small community college and I've been using it for lots of stuff. Our managed risk provider was showing a lot of machines at risk of a certain CVE, so I wrote a PowerShell script and pushed it out to all our machines via the PowerShell hunt on Velociraptor and it worked perfectly. Such an amazing tool and unbelievably it's free.
@RozzClips 7 months ago
Wohoooh!! Thank you MyDFIR
@MyDFIR 7 months ago
My pleasure!
@PacketWatchDog 7 months ago
Great video! Thanks for this!
@MyDFIR 7 months ago
Glad you liked it!
@musicalprodigy1 7 months ago
DFIR teaching disciples yet again
@MyDFIR 7 months ago
Happy to help ❤️
@elliscaicedo9045 7 months ago
Thanks MyDFIR
@MyDFIR 7 months ago
Thanks for watching ❤️
@amededogbeh-agbo2843 7 months ago
Great 👍
@MyDFIR 7 months ago
Thank you! Cheers!
@trickwheel 7 months ago
Are you watching my studies in my classes? It seems you keep putting out videos on stuff I am learning about or things I just covered. I just wrote about using Velociraptor. FYI, my next class next semester is security scripting. Any videos on this topic? Would be appreciated if so.
@MyDFIR 7 months ago
Yes I am! Haha, can you imagine?! Security scripting is quite vague and honestly not something I am super great at, but the general guideline I would use is to find a use case for the script, go to ChatGPT and ask it to help build a base, then edit and rinse & repeat.
@trickwheel 7 months ago
@MyDFIR I believe you did make a vid about that. The class description is pretty vague too. I think it's focused on Python and tool automation scripts. Hopefully it's to help work with SOAR tools. I'll pop in and update you when I know more as well as the other classes. Unless you already know them 😁 Thank you for your input and assistance.
@ingrimahechavalderrama9312 2 months ago
Thanks, great video, but I have a question: you sample the client configuration for Windows; how would the client configuration be for macOS?
@MyDFIR 2 months ago
Honestly I haven’t had the need to create one for macOS but I would believe so - download the macOS version and run the same command
@ingrimahechavalderrama9312 2 months ago
@MyDFIR Hello, which command? In Windows it is "sudo ./velociraptor-v0.72.0-linux-amd64 config repack --exe velociraptor-v0.72.0-windows-amd64.exe /opt/velociraptor/client.config.yaml velociraptor.exe" and for Linux "sudo ./velociraptor-v0.72.0-linux-amd64 --config /opt/velociraptor/server.config.yaml debian server --binary velociraptor-v0.72.0-linux-amd64", but on Mac how would the creation of this binary go?
@moodplatform7911 6 months ago
Bro, how do we add more than one client, and do we have to add our VM IP or regular IP address? I have sent that exe file to my friend to run in PowerShell but in Velociraptor it is not showing as a client.
@MyDFIR 6 months ago
This is where network fundamentals come in - if it is on a different network and your Velociraptor server is on your home network, you will need to do some configuration to allow communication between the two
@kader8815 2 months ago
@MyDFIR Can I use Velociraptor with Wazuh, TheHive, Cortex and MISP?
@MyDFIR 2 months ago
Absolutely! Try it out 💪💪 you got this
@kader8815 a month ago
@MyDFIR But I think it is hard to integrate Velociraptor with Wazuh because both use notion agents
@kader8815 a month ago
Make a video for integration between Wazuh and Velociraptor 😁
@anasalbeik9328 2 months ago
Hello sir, why did you add a newly repacked executable 'DFIR' at minute 10:30? Is it necessary, or will the Windows machine not work well if we don't do this step? I just didn't understand what the purpose of that is. Thanks in advance ❤
@MyDFIR 2 months ago
Great question, yeah I am essentially recreating an EXE with the valid client config. That way once I execute that on my client PC, it knows how to connect back to my velo server
@anasalbeik9328 2 months ago
@MyDFIR Clear, sir! Thank you very much ❤
@espringer1035 7 months ago
Can this all be done on VirtualBox? My guess is yee
@MyDFIR 7 months ago
Yup! In fact, what you are seeing is simply a VM on VMware but you can always switch it for VirtualBox
@espringer1035 7 months ago
@MyDFIR Thank you, I'll try it out
@ReligionAndMaterialismDebunked 7 months ago
Fellow ethical hackers. Hehe
@MyDFIR 7 months ago
👀👀❤️
@elfinofficial4071 6 months ago
Is it possible to deploy Velociraptor instead of Wazuh? The company I'm working for assigned me to test Wazuh and other tools like Pritunl Zero. I still have quite a hard time, as Wazuh's out-of-the-box rules are giving out so many alerts, which, when I talk with the dev team, are to be considered normal (yet they won't allow me to whitelist these alerts). I'm still very much new (less than a month learning Cybersecurity) and when there are alerts / suspicious events, it's still overwhelming to know what to do next (they don't have a playbook here yet). I came across Velociraptor from one of TryHackMe's rooms, and am wondering if this will fit my office more. What is your opinion? Is it too redundant to run both? I'm starting your Wazuh-TheHive series today as well. Thank you so much for all these well done videos.
@MyDFIR 6 months ago
It depends on your use case IMO - Velociraptor is neat; however, I see it being used as a post-compromise tool vs. a detection tool, if that is what you are trying to do.
@KitsRomero 7 months ago
Hi sir, I got an error when I put the IP address you put on GUI bind_ipaddress : 192.168.100.247. The error is velociraptor[13564]: [ERROR] 2023-12-25T05:03:00Z GUI Server error: listen tcp 192.16. What should I put as the IP address, and where did you set this up in this YouTube video? Thank you, sir.
@MyDFIR 7 months ago
Be sure to add your private IP address and restart the service if running on-prem.
@tradingwithperk a month ago
DFIR, I can’t access Velociraptor through my web browser. I entered the same public DNS name of the Master frontend as you, i.e. 192.168.100.247. Please, how do I fix it?
@MyDFIR a month ago
Can’t really say much without seeing your setup. Are you on the same network? Are ports opened?