tag :: Vql

• Cobalt Strike payload discovery and data manipulation in VQL
• Velociraptor vs Printnightmare
• Pre-populating a server with clients, hunts and flows
• Manipulating VQL columns and rows
• How to automatically post process flows with an external program.
• How can I automatically add & update client metadata?
• Set operations in VQL
• How do I get a list of hunts across multiple organizations?
• Error "Parameter refers to an unknown artifact" when collecting a CLIENT artifact
• How do you generate random characters?
• What to do about error "Plugin info not found"
• How can I convert decimal?
• How do I re-collect a failed artifact in a hunt?
• How to control hunting by label groups?
• The Velociraptor process tracker
• How can I url/percent decode a string?
• How can I make a multipart/form-data POST request in VQL
• In VQL, can I SELECT a column with special characters in its name?
• Dead disk Forensics
• Paths and filesystem accessors
• WMI Event Consumers: what are you missing?
• Searching for files
• EQL to VQL - Leverage EQL based detection rules in Velociraptor
• ETW Part 2: Process Parent Spoofing
• Event Tracing for Windows Part 1
• Detecting DLL Hijacking With VQL
• Concurrent VQL
• Parsing binary files
• Slack and Velociraptor
• The Velociraptor Query Language Pt 2
• The Velociraptor Query Language Pt 1