Velociraptor – Noise

Deepening the MDR partnership: Rapid7 now delivers Active Remediation with Velociraptor

Conner Goldstein — Tue, 29 Apr 2025 12:35:00 +0000

Powered by our best-in-class, open-source digital forensics and incident response (DFIR) tool, Rapid7 MDR analysts can take direct, approved remediation actions on your behalf.

Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor

Matthew Green — Fri, 01 Nov 2024 13:00:00 +0000

In this post, we explore the structure of LNK files using Velociraptor, our open-source digital forensics and incident response (DFIR) tool.

Enhancing Velociraptor with the Cado Security Platform

Rapid7 — Tue, 11 Jun 2024 16:38:47 +0000

Velociraptor is a robust open-source tool designed for collecting and querying forensic and incident response artifacts across various endpoints. This powerful tool allows incident responders to effortlessly gather data from remote systems, regardless of their location.

Velociraptor 0.7.2 Release: Digging Deeper than Ever with EWF Support, Dynamic DNS and More

Rapid7 — Tue, 30 Apr 2024 14:29:26 +0000

Rapid7 is very excited to announce that version 0.7.2 of Velociraptor is now fully available for download. In this post we’ll discuss some of the interesting new features.

How To Hunt For UEFI Malware Using Velociraptor

Matthew Green — Thu, 29 Feb 2024 17:32:12 +0000

UEFI threats have historically been limited in number and mostly implemented by nation state actors as stealthy persistence. However, the recent proliferation of Black Lotus on the dark web, Trickbot enumeration module (late 2022), and Glupteba (November 2023) indicates that this historical trend may be changing.

With this context, it

Velociraptor 0.7.1 Release: Sigma Support, ETW Multiplexing, Local Encrypted Storage and New VQL Capabilities Highlight the Last Release of 2023

Rapid7 — Fri, 29 Dec 2023 15:52:00 +0000

Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities that add to the power and efficiency of this open-source digital forensic and incident response (DFIR) platform.

CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

Dr. Mike Cohen — Fri, 10 Nov 2023 18:56:15 +0000

This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability.

Little Crumbs Can Lead To Giants

Christiaan Beek — Thu, 05 Oct 2023 17:45:49 +0000

This blog offers a deep dive into the world of Shell Link files (LNK) and Virtual Hard Disk files (VHD).

What’s New in Rapid7 Detection & Response: Q3 2023 in Review

Margaret Wei — Thu, 05 Oct 2023 15:49:48 +0000

Rapid7 has updated its Detection and Response offerings with advanced DFIR capabilities, custom detection rules, log search features, and more.

Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library

Mike Cohen — Thu, 31 Aug 2023 13:00:00 +0000

Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download.

Join us for VeloCON 2023: Digging Deeper Together!

Carlos Canto — Thu, 17 Aug 2023 16:06:56 +0000

Rapid7 is thrilled to announce that the 2nd annual VeloCON: Digging Deeper Together virtual summit will be held this September 13th at 9 am ET.

Velociraptor 0.6.9 Release: Digging Even Deeper with SMB Support, Azure Storage and Lockdown Server Mode

Mike Cohen — Wed, 07 Jun 2023 20:17:13 +0000

Rapid7 is very excited to announce version 0.6.9 of Velociraptor is now LIVE and available for download.

The Velociraptor 2023 Annual Community Survey

Rapid7 — Wed, 10 May 2023 14:00:27 +0000

Rapid7's Velociraptor team distributed our first community survey in early 2023. Here's what we learned!

Automating Qakbot Detection at Scale With Velociraptor

Rapid7 — Tue, 18 Apr 2023 13:00:00 +0000

This blog offers a practical methodology to extract configuration data from recent Qakbot samples.

Automating Qakbot decode at scale

Matthew Green — Fri, 14 Apr 2023 14:16:44 +0000

This is a technical post covering methodology to extract configuration data from recent Qakbot samples. I will provide background on Qakbot, walk through decode themes in an easy to visualize manner. I will then share a Velociraptor artifact to detect and automate the decode process at scale.

Velociraptor Version 0.6.8 Available Now

Carlos Canto — Thu, 30 Mar 2023 20:21:37 +0000

Velociraptor update delivers new client-server communication protocol, VFS GUI, and performance upgrades

Velociraptor Version 0.6.7: Better Offline Collection, Encryption, and an Improved NTFS Parser Dig Deeper Than Ever

Mike Cohen — Fri, 02 Dec 2022 15:00:00 +0000

Rapid7 is excited to announce the release of version 0.6.7 of Velociraptor – an advanced, open-source digital forensics and incident response (DFIR) tool.

What’s New in InsightIDR: Q3 2022 in Review

KJ McCann — Wed, 05 Oct 2022 14:00:00 +0000

This Q3 2022 recap post takes a look at some of the latest investments we've made to InsightIDR to drive detection and response forward.

Velociraptor Version 0.6.6: Multi-Tenant Mode and More Let You Dig Deeper at Scale Like Never Before

Carlos Canto — Tue, 04 Oct 2022 15:03:06 +0000

Rapid7 is excited to announce the release of version 0.6.6 of Velociraptor.

VeloCON 2022: Digging Deeper Together!

Carlos Canto — Thu, 08 Sep 2022 13:45:00 +0000

Have you ever wanted to share your passion and interest in Velociraptor with the rest of the community? VeloCON is your chance!