This competition encourages development of useful content and extension to the Velociraptor platform. Content may be VQL (server or client), plugin, integration, workflow or other capabilities.
Some specific ideas:
Impactful process/integration - How does your contribution help in making real world DFIR work smoother and more efficient? Describe how you used to do this task previously and how it has been improved as a result of your contribution.
Detection artifacts - Each submission may contain several VQL artifacts - how do the artifacts improve Velociraptor’s detection capability? Can you include metrics of how effective they are compared to previous technology?
Monitoring artifacts/plugins - This category includes real time monitoring queries to enhance Velociraptor’s endpoint monitoring capability.
Deadline for submission is Midnight 20th September 2021 anywhere on earth. The email address for submission is: email@example.com
Winners will be announced at the SANS Threat Hunting Summit Thurs Oct 7 - Fri, Oct 8, 2021
The competition carries 3 prize levels, first prize is $5000 USD, Second prize $3000 USD and third prize at $2000 USD. All winners will also receive a Velociraptor contributor coin, commemorating them as a valued member of the Velociraptor community.
Winning submissions will also be published on the Velociraptor web site.
Significant contributions will receive some cool Velociraptor merchandise.
The submitted content should work with the latest Velociraptor release. If your content requires new functionality, work with us to implement it in time for the submission deadline.
A submission must include new functionality in the form of VQL artifacts, Velociraptor plugins or new Velociraptor code/integration. Submissions should also include a short document or video explaining the contribution and its value to the wider DFIR community.
The Rapid 7 Velociraptor team can not submit but will be available to consult and assist other entrants. You may draw on any member of the community for help in creating the contribution (e.g. ask for help on Discord, file GitHub issues or feature requests etc), but all contributions should be substantially your own.
We have a lot of industry leaders on the judging panel. Members of the judging panel may enter a submission but they may not vote on their own submission or any submission for which they declare a conflict of interest.
The submission should include the code, description and a write up of functionality, background and a signed contribution license agreement (CLA).
In particular we want to know how the submission improves a capability or workflow in the real world. We value practical and impactful changes over technologically complex, but rarely used additions. The submission writeup should be sufficiently detailed for the judging panel to properly assess the novelty and usefulness of the submission.
All submission code will be released under the same license as Velociraptor (i.e. AGPL) and may be included in future releases. Contributors should also sign the Velociraptor CLA prior to submitting a contribution (Please click here to sign and indicate your Github username in the submission).
The Velociraptor competition judges are selected from the wider industry and past community contributions. The judges will independently rank contributions and will vote based on the following broad criteria.
Selected works may also be asked to present their work at future conferences with the Velociraptor team and featured on the Velociraptor blog.