Really excellent talk with so much information. Great to see Velociraptor wielded by such a skillful defender! A must watch presentation for any Blue Teamer or defender out there!

Dont know what more motivation is needed to use this awesome tool - for FREE! Thank you Eric C for sharing invaluable experience for FREE & Mike C for sharing this tech for FREE 👑🙌

Absolutely incredible and in-depth demo! The pacing, the contents are all great! Bravo Eric!

Your radar is awesome Eric 🎉 Unbelievable Incident response Demo ⚔️

Incredible demo showing how Velociraptor truly takes IR capabilities to a whole other level! This is a game changer! The only thing missing was did the threat actor actually exfil those plans to the death star :) Thank you for this great insight! I have a new lab to build post haste!

Hey, this is really cool. went over velociraptor in a couple of my sans courses and needed it for an assignment I'm doing right now. ty,

I heard about this at the NCFI and started using it. Cederpelta was the one i used to use. Greetings from LaredoTx.

This was amazing. I just started learning about Velociraptor recently and have much to learn. This video was extremely helpful.

Awesome, impressed :) How about if the adversary does the cleanup while doing lateral movement?

Really great structured information. Thanks. How to integrate hyabusa in hunt profile????

This was so awesome!!! I could have watched this for hours. Motivated me so much to get my hands on this. Do you have more stuff Like this? Im hungry to learn! Thanks you for the Video

Well done live hunt. thanks for sharing.

Hi, thanks for the great video. I have a question. How the shellcode is decrypted and which component will decrypt it?

Great Demo Eric. Excellent example and a great presentation. Thanks, appreciated !

Wow! Incredible video, thank you!

Hey - I really liked the video and the demos you gave on Velociraptor! 🙂 In the end of the Video you mention that this demo was part of a SANS class. Would you mind disclosing which SANS course this was part from?

Great stuff! Thank you. Have you thought about releasing the collected data so that we can play with it in our own velociraptor server?

Wow, such a cool talk. Does velociraptor have to be implemented with a single network? Is there a way to have velociraptor clients from different networks communicate with a single server?

This is so cool, I hope to work for a company that uses this some day.

what an amazing video! thanks for all the info, really usefull!

Amazing stuff :D

This is awesome Really in-depth analysis Just had one question where can I find this data or the malware ? Is their a repository you have used for this ?

How did you prepared the demo environment with more than 60 workstations? is that a simulator tool? awsome talk by the way and thank you!

Great talk thanks

wait @23:39 , if a user login , will 4624 stored in the AD on in his/her PC.

Good video

Issues that I see with this: 1. This seems to rely on AD GPO (or some sort of deployment tool), these days people are also using Macs and *inux so you might not get all the coverage. Secondly on this point is if GPO is disabled at the AD / workstation level then this too is rendered useless. 2. I personally don't know of one analyst that knows VQL let alone SQL 3. The UI is 🤮 4. Tools like Crowdstrike kinda do this using ML/AI without all the manual stuff 5. Dropping session seems quite POCCY to me 6. A lot of this stuff can be done using windows remote management in a scripted way