Security Operations with Velociraptor

Presented at CactusCon 11 (2023), Jan. 28, 2023, 9 p.m. (60 minutes).

In this talk we will demonstrate the various powerful capabilities of the open source Velociraptor tool for Security Operations. Many know this tool for its IR capabilities, but few know that it is capable of far more to include orchestration of other security agents, real-time visibility, threat detection, and more. We will unveil the various features and use-cases of Velociraptor that prove it to be the most powerful tool in your SOC.

Presenters:

• Eric Capuano - CTO - Recon InfoSec
  Eric is the CTO and co-founder of Recon InfoSec. He is also a certified SANS instructor of Digital Forensics and Incident Response, and a former Cyber Warfare Operator in the Texas Air National Guard.
• Whitney Champion - Lead Architect - Recon InfoSec
  Whitney Champion is a co-founder and the lead architect at Recon InfoSec. She has extensive experience in large-scale infrastructure automation and orchestration in both the private and public sector. She builds and maintains the security stack that powers Recon’s MDR services and their network defense range, which supports their NDR training and OpenSOC.io.

Links:

• https://cactuscon-11.sessionize.com/session/393786

Similar Presentations:

• BSides Austin 2016 / The modern SOC: Adapting the Security Operations model to how we work.
• BSidesDC 2019 / Insights for secure API usage in conjunction with security automation and orchestration
• VB2016 / Building a Local PassiveDNS Capability for Malware Incident Response