Taming the Velociraptor: who needs EDR anyway?
- MattG
- ComfyCon AU 2020 Summer
This talk will look at some key capabilities I have learnt using Velociraptor in the field, fighting evil over the last year and a bit. I will cover my background using the platform and key concepts, then show capability that levels up above current EDR tools.
General layout will consist of:
- Intro / background.
- Key terms
- Hunting TemplateInjection macros with YARA
- Bulk indicator and quickfire triage
- Hunting VSS
- Kerberos Tickets and Powershell
- Wrap-up and platform gaps