This is the first of two separate videos -- in the next video, Matt will showcase hunting malware with Velociraptor! MASSIVE thank you to Mike Cohen and Matt Green for joining me for this video! scudette || mgreen27
Thanks to @iamkingsage8571 for contributing timestamps!
00:00 Introduction
01:08 Velociraptor VFS
04:05 Artifacts & Automation w/ VQL
06:16 Sigma Rule matching w/ Hayabusa
07:20 Waiting on Hayabusa to finish scan
09:20 How does Hayabusa compare to Chainsaw?
10:40 Parsing Hayabusa Findings
13:40 PsTree Attempt 1 w/PsList
17:55 PsTree Attempt 2 w/Velociraptor Process Tracker
19:50 Velociraptor Process Tracker
22:35 PSExec Change in v2.30 & How to look for the usage of PSExec
25:25 Why this is useful and example use case
26:10 PowerShell Artifacts
27:30 Bits Transfer Artifact
28:50 How to hunt for multiple compromised machines
30:40 Parsing the Results using VQL
33:20 Demo Conclusion
🔥 YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/discord ↔ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware