7MS #646: Baby’s First Incident Response with Velociraptor
7 Minute Security, 18 October 2024

Hey friends, today I’m putting my blue hat on and dipping my toes in incident response by way of playing with Velociraptor, a very cool (and free!) tool to find evil in your environment. Perhaps even better than the price tag, Velociraptor runs as a single binary you can deploy to spin up a server and then request endpoints to “phone home” to you by way of GPO scheduled task. The things I talk about in this episode and show in the YouTube stream are all based off of this awesome presentation from Eric Capuano, who also was kind enough to publish a handout to accompany the presentation. And on a personal note, I wanted to share that Velociraptor has got me interested in jumping face first into some tough APT labs provided by XINTRA. More to come on XINTRA’s offering, but so far I’m very impressed!
