velociraptor
Digging Deeper....
Some artifacts work in unexpected ways if a parameter is not specified. For example Generic.Utils.FetchBinary has:
```yaml
- name: ToolInfo
  type: hidden
  description: A dict containing the tool information.
```
...
I have the following lines in /var/log/auth.log:
```
$ grep ssh2 /var/log/auth.log
2024-07-09T15:00:29.099504+02:00 antoine-VirtualBox sshd[19778]: Accepted password for antoine from 127.0.0.1 port 41580 ssh2
2024-07-09T15:39:31.205662+02:00 antoine-VirtualBox sshd[3411]: Failed password for...
```
It is currently possible to add a description to columns types (ColumnType), but I believe this field is unused (although I haven't looked through all the code). The web interface...
Related to my [issue](https://github.com/Velocidex/velociraptor/issues/3597) about case sensitivity for zip accessors, I noticed that the zip accessor does not support LZMA compression (for Dissect acquire collects with lzma compression) ``` [INFO]...
```SQL
/* # This is a Markdown title */
// Works just fine:
SELECT 'Foo' FROM scope()
SELECT 'Bar' AS Bar FROM scope() GROUP BY Bar
// Troublesome comment
ORDER...
```
We use an offline collector with the KapeFiles artifact. With default configuration the collector uses lazy_ntfs for registry hives and does not pull Windows\System32\config\SOFTWARE for example. However, when I changed...
We regularly use Yara.Glob to hunt for IOC lines in log files. Currently the Yara artifacts use the upload feature to upload hits for presentation for standard yara use cases....
A full description of correlations is found here https://open.substack.com/pub/ecapuano/p/atomic-and-stateful-detection-rules
Our current sanitization policies prevent block quotes. For artifacts that use tools, these can be useful for including quoted instructions or descriptions from the tool vendor.
We can export results to csv or json, but it would be nice to be able to process the data with templating and then export it to text. This allows...