In this release we've moved a number of the existing plugins that were specifically for malware under a malware category, so the old plugin linux.check_afinfo is now linux.malware.check_afinfo, and windows.hollowprocesses is now windows.malware.hollowprocesses. The old plugin names are now deprecated, due to be removed in around a year's time, but will continue to work until they are fully removed. They will issue a reminder that they have been deprecated when run with the old names.
- New plugin: windows.etwpatch
- volshell now supports breakpoints (also known as watchpoints) that can be applied to a specific layer and offset that will break into Python at the point the layer read occurs on that offset.
- Various fixes across multiple plugins
- Improved documentation in many areas
New Contributors
- @JakePeralta7 made their first contribution in #1787
- @geekscrapy made their first contribution in #1813
- @ddogfoodd made their first contribution in #1815
Full Changelog: v2.26.0...v2.26.2