Welcome to the third installment in this threat hunting series!
If you’ve been following along so far, you should have a virtualized environment set up and ready to hunt using the DFIR tool Velociraptor. If you are just joining, please see my previous article, Threat Hunting II: Environment Setup, to get up to speed. This installment will focus on using Velociraptor’s hunting capabilities to identify malicious activity associated with real-world malware and threat actors. Let’s begin!