Velociraptor and Open Source Threat Hunting

Velociraptor is a cool name for a dinosaur, let alone a software package. I did a course today with one of the developers, and it looks like a great FOSS solution to EDR and threat hunting.

First, download the package from the releases page. It’s a very small, self-contained file.

Here are my notes from the day.

To configure the client

rem make the install dir
mkdir "c:\Program Files\Velociraptor\"
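rem generate the client config from the server config (velo.config.yaml);
rem reading and redirecting to the same file would truncate it before it is read
velociraptor.exe --config velo.config.yaml config client > velo_client.yaml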
rem connect the client
velociraptor.exe --config velo_client.yaml client -v

To run the server

velociraptor --config velo.config.yaml frontend -v

API client configuration

velociraptor.exe --config velo.config.yaml config api_client > api_client.config.yaml

To mount a connection to the client as a filesystem:

velociraptor --api_config api_client.config.yaml -v fuse q: C.5eedea6daec2f84c

I’m sure I’ll write more on this one day, but … it’s late and I’m tired and the wolves are nipping at my heels. 😇



#velociraptor #DFIR #tools #open source