Beginner Pro

Threat Hunting Home-Lab (using Velociraptor)

Deploy, Configure, and Hunt Threats with Velociraptor Forensics Platform

Self-Paced by Rajneesh Gupta

Overview

In this hands-on lab you will install and configure Velociraptor as a server, generate client installers for Ubuntu and Windows, deploy those clients to endpoints, and validate connectivity and basic collection. Velociraptor provides endpoint visibility, live forensic collection, and the VQL query language for hunting and investigating suspicious activity.

Key features covered

  • Open-source DFIR / threat-hunting platform
  • Scalable server + client architecture
  • Create Debian & Windows client installers from the server
  • Configure clients to connect to server via secure WebSocket (wss://)
  • Validate service, view clients in GUI, run a simple VQL query

What You'll Learn

  • System Preparation

    Learn how to update Linux, install dependencies, and prepare a dedicated environment for Velociraptor.

  • Velociraptor Installation

    Step through downloading, renaming, and making the Velociraptor binary executable.

  • Service Setup & Validation

    Learn how to generate a Debian package, install Velociraptor as a system service, and validate it with systemctl.

Prerequisites

  • Knowledge Base

    Basic Linux administration (packages, services, firewall)

  • Knowledge Base

    Familiarity with systemd and configuration files

  • Knowledge Base

    Understanding of network ports and web-based GUIs

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

AWS GuardDuty Findings Ingestion in Splunk using S3 and KMS Encryption
Pro Intermediate

Build a secure pipeline to export GuardDuty security findings to an encrypted S3 bucket and automatically ingest them into Splunk for centralized threat monitoring and analysis.

AWS GuardDuty logs Ingestion in Splunk
Pro Beginner

Build a near real-time event-driven pipeline to stream GuardDuty security findings through EventBridge, SNS, and SQS into Splunk for immediate threat detection and incident response.

Open Source SIEM Home-Lab with Wazuh
Pro Intermediate

Build and Configure a Complete Security Information and Event Management (SIEM) System with Wazuh