A repository to share publicly available Velociraptor detection content

nvijatov/DetectRaptor

 
 

DetectRaptor

A repository to share publicly available bulk Velociraptor detection content in an easy to consume way.

Simply take the release VQL zip and import it into Velociraptor.

This is made easy via the Velociraptor artifact exchange: Server.Import.DetectRaptor

Current artifacts include:

  • Windows.Detection.Amcache
  • Windows.Detection.Applications
  • Windows.Detection.BinaryRename
  • Windows.Detection.Bootloaders
  • Windows.Detection.Evtx
  • Windows.Detection.HijackLibsEnv
  • Windows.Detection.HijackLibsMFT
  • Windows.Detection.LolDriversMalicious
  • Windows.Detection.LolDriversVulnerable
  • Windows.Detection.MFT
  • Windows.Detection.NamedPipes
  • Windows.Detection.Powershell.ISEAutoSave
  • Windows.Detection.Powershell.PSReadline
  • Windows.Detection.Webhistory
  • Windows.Detection.ZoneIdentifier
  • Server.StartHunts

Some contributing repositories:

Languages

  • YARA 93.5%
  • Python 6.5%