This is the next point release for Velociraptor - Digging deeper!
This change introduces some significant improvements:
- Collected query result sets are now indexed on the server. This makes it fast to seek within very large JSON files (many GB).
- Due to the previous change, all tables now page infinitely, making it possible to view all results in the GUI.
- Many GUI improvements
- The NTFS parser now has a built-in USN Journal parser.
- Experimental support for an on-host local hash database powered by the USN parser. It is now possible to query for hashes in seconds.
Other notable changes:
- Added support for OpenID Connect for authentication.
- Added sinkhole: a domain name can be blocked on endpoints by manipulating the hosts file.
- Parser for RecycleBin $I files and a RecycleBin artifact.
- Table exports through the GUI now allow column selection, so only some columns need to be exported into CSV or JSON files.
- Added Windows.Detection.ProcessMemory.CobaltStrike, a Cobalt Strike memory scanner artifact.
- It is now possible to specify externally minted certificates for TLS.
As always, please file issues on the bug tracker or ask questions on our mailing list velociraptor-discuss@googlegroups.com. You can also chat with us directly on Discord: https://www.velocidex.com/discord