Really excellent talk with so much information. Great to see Velociraptor wielded by such a skillful defender! A must watch presentation for any Blue Teamer or defender out there!

Dont know what more motivation is needed to use this awesome tool - for FREE! Thank you Eric C for sharing invaluable experience for FREE & Mike C for sharing this tech for FREE 👑🙌

Absolutely incredible and in-depth demo! The pacing, the contents are all great! Bravo Eric!

Incredible demo showing how Velociraptor truly takes IR capabilities to a whole other level! This is a game changer! The only thing missing was did the threat actor actually exfil those plans to the death star :) Thank you for this great insight! I have a new lab to build post haste!

This was amazing. I just started learning about Velociraptor recently and have much to learn. This video was extremely helpful.

Wow! Incredible video, thank you!

I heard about this at the NCFI and started using it. Cederpelta was the one i used to use. Greetings from LaredoTx.

what an amazing video! thanks for all the info, really usefull!

This was so awesome!!! I could have watched this for hours. Motivated me so much to get my hands on this. Do you have more stuff Like this? Im hungry to learn! Thanks you for the Video

Well done live hunt. thanks for sharing.

Amazing stuff :D

Really great structured information. Thanks. How to integrate hyabusa in hunt profile????

Great talk thanks

This is so cool, I hope to work for a company that uses this some day.

Great Demo Eric. Excellent example and a great presentation. Thanks, appreciated !

Good video

Awesome, impressed :) How about if the adversary does the cleanup while doing lateral movement?

Great stuff! Thank you. Have you thought about releasing the collected data so that we can play with it in our own velociraptor server?

Hi, thanks for the great video. I have a question. How the shellcode is decrypted and which component will decrypt it?

This is awesome Really in-depth analysis Just had one question where can I find this data or the malware ? Is their a repository you have used for this ?

Wow, such a cool talk. Does velociraptor have to be implemented with a single network? Is there a way to have velociraptor clients from different networks communicate with a single server?

How did you prepared the demo environment with more than 60 workstations? is that a simulator tool? awsome talk by the way and thank you!

wait @23:39 , if a user login , will 4624 stored in the AD on in his/her PC.

Issues that I see with this: 1. This seems to rely on AD GPO (or some sort of deployment tool), these days people are also using Macs and *inux so you might not get all the coverage. Secondly on this point is if GPO is disabled at the AD / workstation level then this too is rendered useless. 2. I personally don't know of one analyst that knows VQL let alone SQL 3. The UI is 🤮 4. Tools like Crowdstrike kinda do this using ML/AI without all the manual stuff 5. Dropping session seems quite POCCY to me 6. A lot of this stuff can be done using windows remote management in a scripted way