tag :: VQL

• Cobalt Strike payload discovery and data manipulation in VQL
• Velociraptor vs Printnightmare
• Error "Parameter refers to an unknown artifact" when collecting a CLIENT artifact
• How do you generate random characters?
• What to do about error "Plugin info not found"
• How can I convert decimal?
• How do I re-collect a failed artifact in a hunt?
• How to control hunting by label groups?
• The Velociraptor process tracker
• How can I url/percent decode a string?
• How can I make a multipart/form-data POST request in VQL
• In VQL, can I SELECT a column with special characters in its name?
• Dead disk Forensics
• Paths and filesystem accessors
• WMI Event Consumers: what are you missing?
• Searching for files
• EQL to VQL - Leverage EQL based detection rules in Velociraptor
• ETW Part 2: Process Parent Spoofing
• Event Tracing for Windows Part 1
• Detecting DLL Hijacking With VQL
• Concurrent VQL
• Parsing binary files
• Slack and Velociraptor
• The Velociraptor Query Language Pt 2
• The Velociraptor Query Language Pt 1