The Threat Hunter's Dilemma

Share this post

Stacking in Velociraptor in 1 Minute

marcusedmondson.substack.com

Stacking in Velociraptor in 1 Minute

Stacking the threat hunting superpower.

Marcus Edmondson
May 10, 2024
1
Share this post

Stacking in Velociraptor in 1 Minute

marcusedmondson.substack.com
Share

What is stacking?

Stacking is just another name for grouping like objects together and counting the amount of each like object. Very useful for finding anomalies. Also the larger the environment the more useful it is. One process that is only running on 1 machine out of 10,000 is weird.

The Threat Hunter's Dilemma is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

Here is how to do it in a Velociraptor notebook.

  1. Click column header and double triangle button.

  2. Click hamburger stack.

  3. Sort count column and look for weirdness.

  4. Find process you want to analyze. I chose cmd.exe.

Hope this was useful!

Consider subscribing or becoming a paid subscriber if you would like more educational posts like this!

Happy hunting,

Marcus

1
Share this post

Stacking in Velociraptor in 1 Minute

marcusedmondson.substack.com
Share

Discussion about this post

No posts

Ready for more?

© 2024 Marcus Edmondson
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture
Share