Announcements
Security Advisories
CVE-2024-10526
CVE-2023-5950
CVE-2023-2226
CVE-2023-0242
CVE-2023-0290
Documentation
Velociraptor Overview
History
Support Policy
Deployment
Self-Signed SSL
Cloud Deployment
Multi-Frontend
Organizations
Deploying Clients
Security
Performance
Troubleshooting
Config Reference
The Admin GUI
Artifacts
Hunting
Managing Clients
Searching for clients
Client Labels
Client Monitoring
Virtual File System
Shell Commands
Troubleshooting
VQL Fundamentals
Notebooks
Artifacts
JOIN in VQL
Event Queries
Forensic Analysis
Searching Filenames
Velociraptor Paths
Remapping Accessors
Searching Content
NTFS Analysis
Binary parsing
Evidence Of Execution
Event Logs
Volatile State
Triage and acquisition
Remote Uploads
Extending VQL
Server Automation
Server API
Server Monitoring
Downloads
VQL Reference
Frequently Used ✨
Windows-only
Linux-only
Server-only
Parsers
Encode/Decode
Event Plugins
Experimental
Developer
Other
Accessors
Training
Playbooks
Blog
Presentations
Linux Conf Au 2022
Auscert 2022
SANS Summit 2022
Velocon 2022
DFRWS APAC 2022
EverythingOpen 2023
VeloCON 2023
Auscert 2024
Auscert 2024 Talk
Artifact Exchange
Artifact Reference
Knowledge Base
Search
Github
Discord
YouTube
Mailing List
RSS
Rapid7 Docs
Vql
tag :: Vql
Cobalt Strike payload discovery and data manipulation in VQL
Velociraptor vs Printnightmare
Set operations in VQL
Error "Parameter refers to an unknown artifact" when collecting a CLIENT artifact
How do you generate random characters?
What to do about error "Plugin info not found"
How can I convert decimal?
How do I re-collect a failed artifact in a hunt?
How to control hunting by label groups?
The Velociraptor process tracker
How can I url/percent decode a string?
How can I make a multipart/form-data POST request in VQL
In VQL, can I SELECT a column with special characters in its name?
Dead disk Forensics
Paths and filesystem accessors
WMI Event Consumers: what are you missing?
Searching for files
EQL to VQL - Leverage EQL based detection rules in Velociraptor
ETW Part 2: Process Parent Spoofing
Event Tracing for Windows Part 1
Detecting DLL Hijacking With VQL
Concurrent VQL
Parsing binary files
Slack and Velociraptor
The Velociraptor Query Language Pt 2
The Velociraptor Query Language Pt 1