This is the next point release for Velociraptor - Digging deeper!
This release addresses a number of bug fixes and new features:
- GUI editor is now VQL and artifact aware - correct syntax highlighting in those parts of an artifact that expect VQL
- Support for parsing authenticode information from PE files, including cat files.
- Artifacts can now specify a custom notebook to control the notebook tab. Once they are collected in a hunt, there is a ready custom notebook for post processing.
- Artifacts can now import and export VQL code, so common functions can be shared between different artifacts
- New Shellbags artifact provides native parsing of shellbags. Alternatively, another artifact provides parsing using SBECmd.exe
- A new USN record carver is added to recover rotated USN records
- Better Hunt and Label support - you can now start a hunt targeting a label, and then assign clients to the hunt by simply adding the label to them, even after the hunt is started.
As always please file issues on the Github bug tracker or ask questions on our mailing list velociraptor-discuss@googlegroups.com . You can also chat with us directly on discord https://www.velocidex.com/discord
Notes
-
Fixes CVE-2021-3619, a post-authentication XSS issue
-
0.6.0-1 fixes a bug around the GROUP BY clause and other minor bugs.