github Velocidex/velociraptor v0.5.4
Release 0.5.4

latest releases: v0.73, v0.72, v0.7.1...
3 years ago

This is the next point release for Velociraptor - Digging deeper!

This change introduces some significant improvements, new features and bug fixes. Some notable changes include:

  • Add automatic type conversion for artifact parameters: Previously all artifact parameters were strings and artifact writers had to manually convert from these string representations to a VQL type. This conversion is now done automatically and consistently.
  • Tool setup now allows overriding the tool URL as well - useful when hosting your tools off S3 or GCS
  • Added a parallel plugin for fast post processing. This speeds up notebook post processing by up to x10
  • Added server metadata screen. Server can now have user settable configuration parameters which can be used to centrally store and manage global parameters used by many artifacts (e.g. credentials).
  • Write monitoring query logs to a daily log file. It is now possible to view VQL logs sent by client and server event queries.

Also including a number of interesting new artifacts:

  • MacOS.System.Wifi - list wifi networks previously connected on osx
  • Server.Slack.Clients.Online - notify slack when a client comes back online
  • Windows.ActiveDirectory.BloodHound - Deploy bloodhound for AD auditing.
  • Windows.Application.Firefox.History - Get history from firefox
  • Windows.ETW.EdgeURLs - Stream accessed URLs from Edge browser.
  • Windows.ETW.WMIProcessCreate - Notify when a wmi win32_process create call starts a new process.
  • Windows.Forensics.SolarwindsSunburst - Hunt for solarwinds dlls.

As always please file issues on the Github bug tracker or ask questions on our mailing list velociraptor-discuss@googlegroups.com . You can also chat with us directly on discord https://www.velocidex.com/discord

Don't miss a new velociraptor release

NewReleases is sending notifications on new releases.