DEATHcon Velociraptor workshop was held November 2022. We cover some basic VQL use cases including NTFS, Event Logs, Yara and memory artifacts.
The workshop was implemented with Velociraptor 0.6.6 although the data generation can be applied to any version.
Workshop introduction
Lab 1 and 2
Lab 3 and Conclusion