DetectRaptor
A repository to share publicly available Velociraptor detection content
Install / Use
/learn @mgreen27/DetectRaptorREADME
DetectRaptor
A repository to share publicly available bulk Velociraptor detection content in an easy to consume way.
Simply take the release VQL zip and import it into Velociraptor.
This is made easy via the Velociraptor artifact exchange: Server.Import.DetectRaptor
- Import Velociraptor Artifact Exchange
Server Artifacts > + Server.Import.ArtifactExchange
This should import the "Import DetectRaptor" artifact.
- Import DetectRaptor
Server Artifacts > + Exchange.Server.Import.DetectRaptor
Current artifacts include:
- DetectRaptor.Windows.Detection.Amcache
- DetectRaptor.Windows.Detection.Applications
- DetectRaptor.Windows.Detection.BinaryRename
- DetectRaptor.Windows.Detection.Bootloaders
- DetectRaptor.Windows.Detection.Evtx
- DetectRaptor.Windows.Detection.HijackLibsEnv
- DetectRaptor.Windows.Detection.HijackLibsMFT
- DetectRaptor.Windows.Detection.Powershell.ISEAutoSave
- DetectRaptor.Windows.Detection.LolDriversMalicious
- DetectRaptor.Windows.Detection.LolDriversVulnerable
- DetectRaptor.Windows.Detection.Yara.LolDrivers
- DetectRaptor.Windows.Detection.LolRMM
- DetectRaptor.Windows.Detection.MFT
- DetectRaptor.Windows.Detection.NamedPipes
- DetectRaptor.Windows.Registry.NetworkProvider
- DetectRaptor.Windows.Detection.Powershell.PSReadline
- DetectRaptor.Windows.Detection.Webhistory
- DetectRaptor.Generic.Detection.YaraFile
- DetectRaptor.Linux.Detection.YaraProcessLinux
- DetectRaptor.Macos.Detection.YaraProcessMacos
- DetectRaptor.Windows.Detection.YaraProcessWin
- DetectRaptor.Generic.Detection.YaraWebshell
- DetectRaptor.Windows.Detection.ZoneIdentifier
Server artifacts:
- DetectRaptor.Server.StartHunts
- DetectRaptor.Server.ManageContent
Some contributing repositories:
- https://github.com/svch0stz/velociraptor-detections
- https://www.bootloaders.io/
- https://hijacklibs.net/
- https://www.loldrivers.io/
- https://www.lolrmm.io/
- https://github.com/SigmaHQ/sigma
- https://yarahq.github.io/
Related Skills
qqbot-channel
349.2kQQ 频道管理技能。查询频道列表、子频道、成员、发帖、公告、日程等操作。使用 qqbot_channel_api 工具代理 QQ 开放平台 HTTP 接口,自动处理 Token 鉴权。当用户需要查看频道、管理子频道、查询成员、发布帖子/公告/日程时使用。
docs-writer
100.3k`docs-writer` skill instructions As an expert technical writer and editor for the Gemini CLI project, you produce accurate, clear, and consistent documentation. When asked to write, edit, or revie
model-usage
349.2kUse CodexBar CLI local cost usage to summarize per-model usage for Codex or Claude, including the current (most recent) model or a full model breakdown. Trigger when asked for model-level usage/cost data from codexbar, or when you need a scriptable per-model summary from codexbar cost JSON.
arscontexta
3.0kClaude Code plugin that generates individualized knowledge systems from conversation. You describe how you think and work, have a conversation and get a complete second brain as markdown files you own.
