Uncovering Endpoint Compromise in Ransomware Attacks: Using Velociraptor to Investigate, Monitor, and Remediate Threat Activity

9/26/2023 12:00:00 PM [(UTC-05:00) Eastern Time (US & Canada)] - Can't make the live event? Register anyway to receive a link to the recording.

Show/Hide All Time Zones

All Time Zones


Dateline Standard Time-(UTC-12:00) International Date Line West	9/26/2023 4:00:00 AM
UTC-11-(UTC-11:00) Coordinated Universal Time-11	9/26/2023 5:00:00 AM
Aleutian Standard Time-(UTC-10:00) Aleutian Islands	9/26/2023 7:00:00 AM
Hawaiian Standard Time-(UTC-10:00) Hawaii	9/26/2023 6:00:00 AM
Marquesas Standard Time-(UTC-09:30) Marquesas Islands	9/26/2023 6:30:00 AM
Alaskan Standard Time-(UTC-09:00) Alaska	9/26/2023 8:00:00 AM
UTC-09-(UTC-09:00) Coordinated Universal Time-09	9/26/2023 7:00:00 AM
Pacific Standard Time (Mexico)-(UTC-08:00) Baja California	9/26/2023 9:00:00 AM
UTC-08-(UTC-08:00) Coordinated Universal Time-08	9/26/2023 8:00:00 AM
Pacific Standard Time-(UTC-08:00) Pacific Time (US & Canada)	9/26/2023 9:00:00 AM
US Mountain Standard Time-(UTC-07:00) Arizona	9/26/2023 9:00:00 AM
Mountain Standard Time (Mexico)-(UTC-07:00) La Paz, Mazatlan	9/26/2023 9:00:00 AM
Mountain Standard Time-(UTC-07:00) Mountain Time (US & Canada)	9/26/2023 10:00:00 AM
Yukon Standard Time-(UTC-07:00) Yukon	9/26/2023 9:00:00 AM
Central America Standard Time-(UTC-06:00) Central America	9/26/2023 10:00:00 AM
Central Standard Time-(UTC-06:00) Central Time (US & Canada)	9/26/2023 11:00:00 AM
Easter Island Standard Time-(UTC-06:00) Easter Island	9/26/2023 11:00:00 AM
Central Standard Time (Mexico)-(UTC-06:00) Guadalajara, Mexico City, Monterrey	9/26/2023 10:00:00 AM
Canada Central Standard Time-(UTC-06:00) Saskatchewan	9/26/2023 10:00:00 AM
SA Pacific Standard Time-(UTC-05:00) Bogota, Lima, Quito, Rio Branco	9/26/2023 11:00:00 AM
Eastern Standard Time (Mexico)-(UTC-05:00) Chetumal	9/26/2023 11:00:00 AM
Eastern Standard Time-(UTC-05:00) Eastern Time (US & Canada)	9/26/2023 12:00:00 PM
Haiti Standard Time-(UTC-05:00) Haiti	9/26/2023 12:00:00 PM
Cuba Standard Time-(UTC-05:00) Havana	9/26/2023 12:00:00 PM
US Eastern Standard Time-(UTC-05:00) Indiana (East)	9/26/2023 12:00:00 PM
Turks And Caicos Standard Time-(UTC-05:00) Turks and Caicos	9/26/2023 12:00:00 PM
Paraguay Standard Time-(UTC-04:00) Asuncion	9/26/2023 12:00:00 PM
Atlantic Standard Time-(UTC-04:00) Atlantic Time (Canada)	9/26/2023 1:00:00 PM
Venezuela Standard Time-(UTC-04:00) Caracas	9/26/2023 12:00:00 PM
Central Brazilian Standard Time-(UTC-04:00) Cuiaba	9/26/2023 12:00:00 PM
SA Western Standard Time-(UTC-04:00) Georgetown, La Paz, Manaus, San Juan	9/26/2023 12:00:00 PM
Pacific SA Standard Time-(UTC-04:00) Santiago	9/26/2023 1:00:00 PM
Newfoundland Standard Time-(UTC-03:30) Newfoundland	9/26/2023 1:30:00 PM
Tocantins Standard Time-(UTC-03:00) Araguaina	9/26/2023 1:00:00 PM
E. South America Standard Time-(UTC-03:00) Brasilia	9/26/2023 1:00:00 PM
SA Eastern Standard Time-(UTC-03:00) Cayenne, Fortaleza	9/26/2023 1:00:00 PM
Argentina Standard Time-(UTC-03:00) City of Buenos Aires	9/26/2023 1:00:00 PM
Greenland Standard Time-(UTC-03:00) Greenland	9/26/2023 2:00:00 PM
Montevideo Standard Time-(UTC-03:00) Montevideo	9/26/2023 1:00:00 PM
Magallanes Standard Time-(UTC-03:00) Punta Arenas	9/26/2023 1:00:00 PM
Saint Pierre Standard Time-(UTC-03:00) Saint Pierre and Miquelon	9/26/2023 2:00:00 PM
Bahia Standard Time-(UTC-03:00) Salvador	9/26/2023 1:00:00 PM
UTC-02-(UTC-02:00) Coordinated Universal Time-02	9/26/2023 2:00:00 PM
Mid-Atlantic Standard Time-(UTC-02:00) Mid-Atlantic - Old	9/26/2023 2:00:00 PM
Azores Standard Time-(UTC-01:00) Azores	9/26/2023 4:00:00 PM
Cape Verde Standard Time-(UTC-01:00) Cabo Verde Is.	9/26/2023 3:00:00 PM
UTC-(UTC) Coordinated Universal Time	9/26/2023 4:00:00 PM
GMT Standard Time-(UTC+00:00) Dublin, Edinburgh, Lisbon, London	9/26/2023 5:00:00 PM
Greenwich Standard Time-(UTC+00:00) Monrovia, Reykjavik	9/26/2023 4:00:00 PM
Sao Tome Standard Time-(UTC+00:00) Sao Tome	9/26/2023 4:00:00 PM
Morocco Standard Time-(UTC+01:00) Casablanca	9/26/2023 5:00:00 PM
W. Europe Standard Time-(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna	9/26/2023 6:00:00 PM
Central Europe Standard Time-(UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague	9/26/2023 6:00:00 PM
Romance Standard Time-(UTC+01:00) Brussels, Copenhagen, Madrid, Paris	9/26/2023 6:00:00 PM
Central European Standard Time-(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb	9/26/2023 6:00:00 PM
W. Central Africa Standard Time-(UTC+01:00) West Central Africa	9/26/2023 5:00:00 PM
GTB Standard Time-(UTC+02:00) Athens, Bucharest	9/26/2023 7:00:00 PM
Middle East Standard Time-(UTC+02:00) Beirut	9/26/2023 7:00:00 PM
Egypt Standard Time-(UTC+02:00) Cairo	9/26/2023 7:00:00 PM
E. Europe Standard Time-(UTC+02:00) Chisinau	9/26/2023 7:00:00 PM
Syria Standard Time-(UTC+02:00) Damascus	9/26/2023 7:00:00 PM
West Bank Standard Time-(UTC+02:00) Gaza, Hebron	9/26/2023 7:00:00 PM
South Africa Standard Time-(UTC+02:00) Harare, Pretoria	9/26/2023 6:00:00 PM
FLE Standard Time-(UTC+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius	9/26/2023 7:00:00 PM
Israel Standard Time-(UTC+02:00) Jerusalem	9/26/2023 7:00:00 PM
South Sudan Standard Time-(UTC+02:00) Juba	9/26/2023 6:00:00 PM
Kaliningrad Standard Time-(UTC+02:00) Kaliningrad	9/26/2023 6:00:00 PM
Sudan Standard Time-(UTC+02:00) Khartoum	9/26/2023 6:00:00 PM
Libya Standard Time-(UTC+02:00) Tripoli	9/26/2023 6:00:00 PM
Namibia Standard Time-(UTC+02:00) Windhoek	9/26/2023 6:00:00 PM
Jordan Standard Time-(UTC+03:00) Amman	9/26/2023 7:00:00 PM
Arabic Standard Time-(UTC+03:00) Baghdad	9/26/2023 7:00:00 PM
Turkey Standard Time-(UTC+03:00) Istanbul	9/26/2023 7:00:00 PM
Arab Standard Time-(UTC+03:00) Kuwait, Riyadh	9/26/2023 7:00:00 PM
Belarus Standard Time-(UTC+03:00) Minsk	9/26/2023 7:00:00 PM
Russian Standard Time-(UTC+03:00) Moscow, St. Petersburg	9/26/2023 7:00:00 PM
E. Africa Standard Time-(UTC+03:00) Nairobi	9/26/2023 7:00:00 PM
Volgograd Standard Time-(UTC+03:00) Volgograd	9/26/2023 7:00:00 PM
Iran Standard Time-(UTC+03:30) Tehran	9/26/2023 7:30:00 PM
Arabian Standard Time-(UTC+04:00) Abu Dhabi, Muscat	9/26/2023 8:00:00 PM
Astrakhan Standard Time-(UTC+04:00) Astrakhan, Ulyanovsk	9/26/2023 8:00:00 PM
Azerbaijan Standard Time-(UTC+04:00) Baku	9/26/2023 8:00:00 PM
Russia Time Zone 3-(UTC+04:00) Izhevsk, Samara	9/26/2023 8:00:00 PM
Mauritius Standard Time-(UTC+04:00) Port Louis	9/26/2023 8:00:00 PM
Saratov Standard Time-(UTC+04:00) Saratov	9/26/2023 8:00:00 PM
Georgian Standard Time-(UTC+04:00) Tbilisi	9/26/2023 8:00:00 PM
Caucasus Standard Time-(UTC+04:00) Yerevan	9/26/2023 8:00:00 PM
Afghanistan Standard Time-(UTC+04:30) Kabul	9/26/2023 8:30:00 PM
West Asia Standard Time-(UTC+05:00) Ashgabat, Tashkent	9/26/2023 9:00:00 PM
Ekaterinburg Standard Time-(UTC+05:00) Ekaterinburg	9/26/2023 9:00:00 PM
Pakistan Standard Time-(UTC+05:00) Islamabad, Karachi	9/26/2023 9:00:00 PM
Qyzylorda Standard Time-(UTC+05:00) Qyzylorda	9/26/2023 9:00:00 PM
India Standard Time-(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi	9/26/2023 9:30:00 PM
Sri Lanka Standard Time-(UTC+05:30) Sri Jayawardenepura	9/26/2023 9:30:00 PM
Nepal Standard Time-(UTC+05:45) Kathmandu	9/26/2023 9:45:00 PM
Central Asia Standard Time-(UTC+06:00) Astana	9/26/2023 10:00:00 PM
Bangladesh Standard Time-(UTC+06:00) Dhaka	9/26/2023 10:00:00 PM
Omsk Standard Time-(UTC+06:00) Omsk	9/26/2023 10:00:00 PM
Myanmar Standard Time-(UTC+06:30) Yangon (Rangoon)	9/26/2023 10:30:00 PM
SE Asia Standard Time-(UTC+07:00) Bangkok, Hanoi, Jakarta	9/26/2023 11:00:00 PM
Altai Standard Time-(UTC+07:00) Barnaul, Gorno-Altaysk	9/26/2023 11:00:00 PM
W. Mongolia Standard Time-(UTC+07:00) Hovd	9/26/2023 11:00:00 PM
North Asia Standard Time-(UTC+07:00) Krasnoyarsk	9/26/2023 11:00:00 PM
N. Central Asia Standard Time-(UTC+07:00) Novosibirsk	9/26/2023 11:00:00 PM
Tomsk Standard Time-(UTC+07:00) Tomsk	9/26/2023 11:00:00 PM
China Standard Time-(UTC+08:00) Beijing, Chongqing, Hong Kong, Urumqi	9/27/2023 12:00:00 AM
North Asia East Standard Time-(UTC+08:00) Irkutsk	9/27/2023 12:00:00 AM
Singapore Standard Time-(UTC+08:00) Kuala Lumpur, Singapore	9/27/2023 12:00:00 AM
W. Australia Standard Time-(UTC+08:00) Perth	9/27/2023 12:00:00 AM
Taipei Standard Time-(UTC+08:00) Taipei	9/27/2023 12:00:00 AM
Ulaanbaatar Standard Time-(UTC+08:00) Ulaanbaatar	9/27/2023 12:00:00 AM
Aus Central W. Standard Time-(UTC+08:45) Eucla	9/27/2023 12:45:00 AM
Transbaikal Standard Time-(UTC+09:00) Chita	9/27/2023 1:00:00 AM
Tokyo Standard Time-(UTC+09:00) Osaka, Sapporo, Tokyo	9/27/2023 1:00:00 AM
North Korea Standard Time-(UTC+09:00) Pyongyang	9/27/2023 1:00:00 AM
Korea Standard Time-(UTC+09:00) Seoul	9/27/2023 1:00:00 AM
Yakutsk Standard Time-(UTC+09:00) Yakutsk	9/27/2023 1:00:00 AM
Cen. Australia Standard Time-(UTC+09:30) Adelaide	9/27/2023 1:30:00 AM
AUS Central Standard Time-(UTC+09:30) Darwin	9/27/2023 1:30:00 AM
E. Australia Standard Time-(UTC+10:00) Brisbane	9/27/2023 2:00:00 AM
AUS Eastern Standard Time-(UTC+10:00) Canberra, Melbourne, Sydney	9/27/2023 2:00:00 AM
West Pacific Standard Time-(UTC+10:00) Guam, Port Moresby	9/27/2023 2:00:00 AM
Tasmania Standard Time-(UTC+10:00) Hobart	9/27/2023 2:00:00 AM
Vladivostok Standard Time-(UTC+10:00) Vladivostok	9/27/2023 2:00:00 AM
Lord Howe Standard Time-(UTC+10:30) Lord Howe Island	9/27/2023 2:30:00 AM
Bougainville Standard Time-(UTC+11:00) Bougainville Island	9/27/2023 3:00:00 AM
Russia Time Zone 10-(UTC+11:00) Chokurdakh	9/27/2023 3:00:00 AM
Magadan Standard Time-(UTC+11:00) Magadan	9/27/2023 3:00:00 AM
Norfolk Standard Time-(UTC+11:00) Norfolk Island	9/27/2023 3:00:00 AM
Sakhalin Standard Time-(UTC+11:00) Sakhalin	9/27/2023 3:00:00 AM
Central Pacific Standard Time-(UTC+11:00) Solomon Is., New Caledonia	9/27/2023 3:00:00 AM
Russia Time Zone 11-(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky	9/27/2023 4:00:00 AM
New Zealand Standard Time-(UTC+12:00) Auckland, Wellington	9/27/2023 5:00:00 AM
UTC+12-(UTC+12:00) Coordinated Universal Time+12	9/27/2023 4:00:00 AM
Fiji Standard Time-(UTC+12:00) Fiji	9/27/2023 4:00:00 AM
Kamchatka Standard Time-(UTC+12:00) Petropavlovsk-Kamchatsky - Old	9/27/2023 5:00:00 AM
Chatham Islands Standard Time-(UTC+12:45) Chatham Islands	9/27/2023 5:45:00 AM
UTC+13-(UTC+13:00) Coordinated Universal Time+13	9/27/2023 5:00:00 AM
Tonga Standard Time-(UTC+13:00) Nuku'alofa	9/27/2023 5:00:00 AM
Samoa Standard Time-(UTC+13:00) Samoa	9/27/2023 6:00:00 AM
Line Islands Standard Time-(UTC+14:00) Kiritimati Island	9/27/2023 6:00:00 AM

Webinar Registration

Regardless of whether a cyberattack begins with phishing, RDP/remote access, or exploiting a vulnerability, eventually the threat actor needs to find themselves on an endpoint to serve as a foothold for C2 communications, lateral movement, and (in some cases) exfiltration. And, as with nearly every other type of cyberattack, ransomware attacks require a somewhat predictable sequence of actions necessary to establish persistence at the system and account levels, escalate privileges, perform discovery activities, and more.

And with these actions, there are artifacts left behind that offer up not only “clues” as to what has transpired, but can often clearly spell out exactly what actions have been taken.

Opensource software like Velociraptor offer cybersecurity practitioners with advanced digital forensics, monitoring, and incident response capabilities, empowering a more flexible and effective digital forensics and incident response (DFIR) workflow. In this Real Training for Free session, we’ll take a look at the valuable forensic artifacts Windows leaves behind and how to use opensource software like Velociraptor to flexibly respond to a ransomware attack based on findings.

Up first, 4-time Microsoft MVP, Nick Cavalancia takes my seat as he discusses:

What is DFIR and what should a basic DFIR workflow look like
Artifacts 101: what are the core forensics artifacts that can be of value in an investigation
Mapping an investigation to MITRE

Next up, you’ll hear from Mike Cohen, Consulting Software Engineer at RAPID7 who will uncover a typical compromise found during a ransomware attack using Velociraptor, following the artifacts based on the forensic details found. Activities will include:

Scoping the environment
Identifying suspicious activity
Identifying the initial attack vector
Gathering evidence

Mike will also discuss monitoring with Velociraptor showing how this can enhance your forensics process by collecting even more information proactively. Lastly, Mike will demonstrate how Velociraptor can be used to remediate the environment based on the uncovered actions.

This Real Training for Free session will be chock full of practical, real-world content!

First Name:
Last Name:
Work Email:
Phone:
Job Title:
Organization:
Country:
State:
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Additional Resources

User name:
Password:
	/ Forgot?
	Register

September 2023 Patch Monday	"Patch Tuesday - Two Zero Days; Five Critical " - sponsored by LOGbinder

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2023 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.