Releases: Velocidex/velociraptor

Release 0.4.8

15 Aug 13:04
5ba463d

This is the next point release for Velociraptor - Digging deeper! This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!

This release includes many bug fixes and performance improvements, as well as new features:

  • Fixed a bug in uploading sparse files (such as the USN journal).
  • Implemented client-side event monitoring based on labels. This allows event monitoring to be targeted at specific client groups.
  • Added a hunt exclude condition (you can now exclude clients from a hunt based on labels too).
  • Console color support for more eye candy.
  • Tools are automatically upgraded when the server version changes. Upgrading the server's version now triggers an update procedure that fetches the new tool versions.
  • Added a direct download link to uploaded files. You don't have to prepare a zip first just to download one or two files.

As always, please file issues on the bug tracker or ask questions on our mailing list [email protected]. You can also chat with us directly on Discord at https://www.velocidex.com/discord

Release notes

  • If you use the GitHub OAuth2 authenticator, note that the config wizard used the wrong spelling. Please correct the spelling of GitHub in the config file to Github.

Release 0.4.7

29 Jul 16:15
bc3169a

This is the next point release for Velociraptor - Digging deeper! This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!

This release includes many bug fixes and performance improvements, as well as new features:

  • Added GitHub and Azure AD authenticators for SSO.
  • Notebooks are now only visible to their creators; users will need to explicitly share them to allow another user to collaborate.
  • Added a shell UI to the host info screen. This makes it easy to interactively run remote shell commands.
  • Switched the JSON encoder to support time serialization. Users can now specify the timezone in which they would like to see timestamps.
  • Implemented a client KillKillKill message to immediately kill and restart the client.

Noteworthy new artifacts:

  • Added the Windows.System.DNSCache artifact to query the DNS cache.
  • Added the Windows.Remediation.Quarantine artifact, which isolates an endpoint from the network while keeping it reachable from Velociraptor.

As always, please file issues on the bug tracker or ask questions on our mailing list [email protected]. You can also chat with us directly on Discord at https://www.velocidex.com/discord

Note: Please use the 0.4.7-1 binaries below to correct some small bugs that were reported since release.

Release 0.4.6

12 Jul 14:30
1edf062

This is the next point release for Velociraptor - Digging deeper! This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!

This release includes many bug fixes and performance improvements, as well as new features:

  • The NTFS parser can now efficiently collect sparse files like the USN journal.
  • Notebooks can be exported to zip files.
  • Added Windows.Search.VSS to enable live hunting of the VSS.
  • Added the ability to load artifact packs: a zip file containing many artifacts can now be loaded efficiently.
  • YARA's ScanFile() API is now called when no accessor is specified; this lets YARA mmap the files for faster scanning.
  • The artifact collector can now produce an HTML report.
  • Velociraptor now supports third-party tools directly in the artifact definition.

As always, please file issues on the bug tracker or ask questions on our mailing list [email protected]. You can also chat with us directly on Discord at https://www.velocidex.com/discord

Release 0.4.5

11 Jun 13:51
17e0f0f

This is the next point release for Velociraptor - Digging deeper! This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!

This release includes a number of UI improvements; the most interesting is the context-sensitive suggestions in the notebook editor. Command completion in the editor is now context sensitive, so what it completes depends on where the cursor is:

SELECT * FROM ?                              <-- completes plugin names.
SELECT * FROM pslist(?                       <-- completes pslist arguments.
SELECT * FROM Artifacts.Windows.Sys.Users(?  <-- completes artifact parameters.

Elsewhere, completion offers VQL functions and local variables.

Typing ? anywhere will show all current possibilities.

As always, please file issues on the bug tracker or ask questions on our mailing list [email protected]. You can also chat with us directly on Discord at https://www.velocidex.com/discord

Release 0.4.4

01 Jun 05:20
0ee335b

This is the next point release for Velociraptor - Digging deeper! This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!

This release includes a number of bug fixes and enhancements. The main feature of this release is the addition of a GUI for creating a standalone collector, as described in our blog post. Please test this feature if you find it useful.

As always, please file issues on the bug tracker or ask questions on our mailing list [email protected]. You can also chat with us directly on Discord at https://www.velocidex.com/discord

Release 0.4.3

17 May 11:02
7b5c4c8
Pre-release

This is the next point release for Velociraptor - Digging deeper! This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!

This release includes a number of new features in several areas:

Frontend and client comms

  • The MySQL backend is now fully supported and considered stable.
  • It is now possible to provision multiple frontends: simply add a new frontend with the config frontend command.
  • Clients automatically load balance across the multiple frontends by cooperatively redirecting between live frontends.

VQL

  • It is now possible to refer to columns containing spaces or dot (.) characters using the backtick notation.
  • LET expressions now support direct assignment of expressions (e.g. LET time = timestamp(epoch=now())).

GUI

  • Tables have a "show VQL" button in hunt and collection results; users can copy this VQL into a notebook to begin post-processing results.
  • A new Artifact notebook cell allows writing artifacts interactively, directly in the GUI.
  • Added a raw JSON view to all tables.
  • Better integration with the ACE editor, offering VQL plugin completion, a customizable editor (press ctrl-,), etc.

NOTE: Internally, all collection results are now stored as JSONL instead of CSV. Old CSV files can still be read, but new files are written in JSONL.

As always, please file issues on the bug tracker or ask questions on our mailing list [email protected]. You can also chat with us directly on Discord at https://www.velocidex.com/discord

Release 0.4.2

16 Apr 07:20
36d1857

This is the next point release for Velociraptor - Digging deeper! This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!

This release brings many bug fixes and improvements. The main feature in this release is a new MySQL-based data store. This data store should be considered alpha; please do not use it in production yet, but if you are able to test it, we would appreciate the bug reports and feedback. Specifically, we are interested in how this new data store responds to high load. We will use the MySQL data store to enable a distributed frontend architecture in the next release.

To enable the MySQL data store, create a database and update your server.config.yaml:

Datastore:
  implementation: MySQL
  mysql_username: root
  mysql_password: password
  mysql_server: 127.0.0.1
  mysql_database: velociraptor
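The snippet above uses root and the literal password "password" as placeholders. Since the data store will hold everything collected from every endpoint, it is worth checking that those placeholders never reach a production server.config.yaml. The following is an added example written for this page, not code from the Velociraptor project: it parses the flat Datastore block exactly as shown (it is not a general YAML parser) and flags the weak settings, with a constructed hardened block beside the sample one. The account name velociraptor_svc and the password placeholder are assumptions.

```python
# Constructed sample: the Datastore block from the release note as written,
# i.e. the placeholder credentials an operator should not leave in place.
SAMPLE_CONFIG = """\
Datastore:
  implementation: MySQL
  mysql_username: root
  mysql_password: password
  mysql_server: 127.0.0.1
  mysql_database: velociraptor
"""

# Constructed hardened block: a dedicated account (name is an assumption)
# and a generated secret instead of the sample credentials.
HARDENED_CONFIG = """\
Datastore:
  implementation: MySQL
  mysql_username: velociraptor_svc
  mysql_password: "<long random secret>"
  mysql_server: 127.0.0.1
  mysql_database: velociraptor
"""

# Placeholder passwords that should never reach a production config.
PLACEHOLDER_PASSWORDS = {"", "password", "changeme", "velociraptor"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_datastore_block(text):
    """Return the key/value pairs under the top-level 'Datastore:' key.

    Minimal parser for the flat, two-space-indented block shown in the
    release note. It is not a general YAML parser; use PyYAML for real files.
    """
    settings = {}
    in_block = False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if not line.startswith(" "):
            # A new top-level key: only the Datastore block is of interest.
            in_block = line.rstrip() == "Datastore:"
            continue
        if in_block:
            key, _, value = line.strip().partition(":")
            settings[key.strip()] = value.strip()
    return settings


def audit_datastore(settings):
    """Return a list of findings for weak MySQL data store settings."""
    findings = []
    if settings.get("implementation") != "MySQL":
        return findings  # nothing to check unless MySQL is selected

    if settings.get("mysql_username") == "root":
        findings.append("mysql_username is root: use a dedicated account "
                        "limited to the velociraptor database")

    password = settings.get("mysql_password", "").strip("'\"")
    if password.lower() in PLACEHOLDER_PASSWORDS:
        findings.append("mysql_password is a placeholder: set a unique, "
                        "randomly generated secret")

    server = settings.get("mysql_server", "")
    if server and server not in LOOPBACK:
        findings.append(f"mysql_server {server} is remote: the data store "
                        "holds collected forensic data, so confirm the link "
                        "is protected (TLS or a tunnel)")
    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        problems = audit_datastore(parse_datastore_block(cfg))
        print(f"{name}: {len(problems)} finding(s)")
        for p in problems:
            print("  -", p)
```

Running it reports two findings for the block as shown in the note (root account, placeholder password) and none for the hardened block.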

Release 0.4.1

28 Mar 08:07
e28411f

This is the next point release for Velociraptor - Digging deeper! This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!

This release brings two major features to Velociraptor that many users have asked for:

  1. A role based ACL model - Velociraptor now features a role based ACL model allowing many users to collaborate and restricting the potential for damage by removing unnecessary permissions from users who do not need them.
  2. Velociraptor Notebooks are the successor to the old Jupyter notebook based workflow. Velociraptor notebooks are built into the tool and work out of the box - they are also better integrated into Velociraptor.

NOTE: If upgrading from earlier versions you must add ACLs to existing users, who will otherwise have no access! Simply run:

velociraptor acl grant [email protected] --role administrator

This gives the old user account the same level of access as before.

Similarly, if you have API client keys you must grant them new access or they will stop working.

Release 0.4.0

09 Mar 12:36
d780d6b

This is the next point release of Velociraptor. This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!

New Features

  • Added a WriteEvent() API to allow API clients to push events to the server. These events appear as part of the normal client monitoring artifacts and can be watched for by the server.
  • Many performance optimizations. By default the server is now tuned for 10k endpoints, but this is configurable.
  • The ring buffer location is now OS dependent.
  • Added some remediation artifacts.

Bug fixes

  • Path manipulation is now more correct: it can fully handle path components that themselves contain path separators (e.g. registry keys containing / and values containing / or \).

Release 0.3.9

11 Feb 04:19
0022e2c

This is the next point release of Velociraptor. This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!

New Features

  • Support for reading gzipped datastore files: you can now just gzip the entire datastore when you run out of space.
  • Plist parser and macOS artifacts.
  • "config generate" now allows merging a JSON config; this is useful for automating config generation.
  • Cancelled flows remove their related messages from the client's buffer file.
  • Recursive VFS refresh is now implemented.
  • CSRF protection for the GUI.
  • parse_evtx() can accept a message database for message resolution.
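Two of the notes on this page change what a collection results file on disk can look like: 0.4.3 switched new results from CSV to JSONL while still reading old CSV, and 0.3.9 allows the whole datastore to be gzipped in place. Tooling that post-processes results outside the GUI therefore has to cope with either encoding, plain or gzipped. The reader below is an added example written for this page, not Velociraptor's own datastore code: it detects gzip by its magic bytes, classifies the decompressed text as JSONL or CSV from its first non-blank line, and yields one dict per row. The sample rows are constructed and only resemble process-listing output.

```python
import csv
import gzip
import io
import json

GZIP_MAGIC = b"\x1f\x8b"


def decompress_if_gzipped(data):
    """Return raw bytes, transparently gunzipping when the gzip magic is present."""
    if data[:2] == GZIP_MAGIC:
        return gzip.decompress(data)
    return data


def detect_format(text):
    """Classify a results file as 'jsonl', 'csv' or 'empty' from its first non-blank line."""
    for line in text.splitlines():
        if line.strip():
            return "jsonl" if line.lstrip().startswith("{") else "csv"
    return "empty"


def read_results(data):
    """Yield one dict per row from a (possibly gzipped) JSONL or legacy CSV results file.

    JSONL rows keep their JSON types; CSV rows come back as strings, since the
    legacy format carries no type information.
    """
    text = decompress_if_gzipped(data).decode("utf-8")
    fmt = detect_format(text)
    if fmt == "jsonl":
        for lineno, line in enumerate(text.splitlines(), 1):
            if not line.strip():
                continue
            try:
                yield json.loads(line)
            except json.JSONDecodeError as exc:
                # Fail loudly: a truncated or corrupted results file should
                # not silently lose rows during post-processing.
                raise ValueError(f"malformed JSONL at line {lineno}: {exc}") from exc
    elif fmt == "csv":
        for row in csv.DictReader(io.StringIO(text)):
            yield dict(row)


def load_all(data):
    """Convenience wrapper returning every row as a list."""
    return list(read_results(data))


def gzip_bytes(data):
    """Produce a gzipped copy of a results file, as an operator might after 0.3.9."""
    return gzip.compress(data)


# Constructed samples resembling process-listing rows; not real collection output.
JSONL_SAMPLE = (
    b'{"Pid": 4, "Name": "System", "Exe": ""}\n'
    b'{"Pid": 1234, "Name": "svchost.exe", "Exe": "C:\\\\Windows\\\\System32\\\\svchost.exe"}\n'
)
CSV_SAMPLE = (
    b"Pid,Name,Exe\r\n"
    b"4,System,\r\n"
    b"1234,svchost.exe,C:\\Windows\\System32\\svchost.exe\r\n"
)

if __name__ == "__main__":
    for label, blob in (("jsonl", JSONL_SAMPLE), ("csv", CSV_SAMPLE),
                        ("jsonl.gz", gzip_bytes(JSONL_SAMPLE))):
        rows = load_all(blob)
        print(f"{label}: {len(rows)} rows, first Name={rows[0]['Name']!r}")
```

The format check looks only at the first non-blank line, so a CSV header never starts with "{" and JSONL always does; this is enough for the two encodings the notes describe but would need revisiting for any other format.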

As always, please file issues on the bug tracker or ask questions on our mailing list [email protected]. You can also chat with us directly on Discord at https://www.velocidex.com/discord