TheCyberMask/Threat-Hunting-Home-Lab-using-Velociraptor


# Threat Hunting and Forensics Home Lab using Velociraptor

A home-lab setup designed to practice real threat-hunting skills using Velociraptor.

## OBJECTIVE

To create a complete threat-hunting home-lab using Velociraptor that enables hands-on practice in endpoint monitoring, forensic evidence collection, real-time detection of suspicious activity, and investigation of simulated cyber-attacks in a controlled environment.

## TOOLS USED

Velociraptor Server & Client, Ubuntu Server, Ubuntu Desktop, VirtualBox

## LESSONS LEARNED

1. Learned how to install and configure Velociraptor for both server and client environments.
2. Understood how endpoint monitoring and forensic data collection work in real time.
3. Gained experience using VQL queries to collect artifacts and investigate systems.
4. Learned how to detect suspicious activity by analyzing collected logs and artifacts.
5. Understood the process of repacking client executables for deployment.
6. Learned how to manage services, check server status, and troubleshoot Velociraptor issues.
7. Understood the importance of opening firewall ports for server–client communication.
8. Gained practical exposure to building a safe environment for threat hunting and incident response.
9. Learned how attackers behave by simulating small attack scenarios and analyzing the results.
10. Improved overall skills in threat hunting, digital forensics, and endpoint visibility.

# REPORT

[Threat Hunting Home-Lab using Velociraptor](https://github.com/TheCyberMask/Threat-Hunting-Home-Lab-using-Velociraptor/blob/main/Threat%20Hunting%20Home%20Lab%20using%20Velociraptor.pdf)