This is the next release of Velociraptor.
This release brings many improvements to scalability and efficiency. The main features are:
- Velociraptor can now use self-signed SSL for all connections (gRPC, client/server and GUI).
- Velociraptor can now dump process memory using the proc_dump() VQL plugin.
- Implemented exported files which are included in artifacts verbatim.
- Added the ability to set artifact parameters in the GUI.
- Velociraptor can now collect DNS query logs on the endpoint and stream them to the server.
- Client side throttling allows heavy collections on the endpoint with minimal performance impact.
- Flow completion notifications allow VQL queries to track completed flows.
- Python bindings added.
- Console added for command line completion of VQL queries.
- VBA macro extractor can dump VBA macros from Office documents.
- A fifo() VQL plugin allows writing artifacts with time-based detection (e.g. detecting a successful login after 3 failed ones).
- Prometheus metrics
- Authenticode support.
- All connections now use TLS; the gRPC API always uses TLS.
- Updated license to AGPLv3.
- Windows and macOS binaries are now signed.