Releases: Velocidex/velociraptor
Release 0.2.8
This is the next release of Velociraptor.
This release brings many improvements to scalability and efficiency. The main features are:
- Velociraptor can now use self-signed SSL for all connections (gRPC, client/server and GUI).
- Velociraptor can now dump process memory using the proc_dump() VQL plugin.
- Implemented exported files which are included in artifacts verbatim.
- Added the ability to set artifact parameters in GUI.
- Velociraptor can now collect DNS query logs on the endpoint and stream them to the server.
- Client side throttling allows heavy collections on the endpoint with minimal performance impact.
- Flow completion notifications allow VQL queries to track completed flows.
- Python bindings added.
- Console added for command line completion of VQL queries.
- VBA macro extractor can dump VBA macros from Office documents.
- A fifo() VQL plugin allows artifacts to be written with time detection (e.g. detect a successful login after 3 failed ones).
- Prometheus metrics
- Authenticode support.
- All connections now use TLS; the gRPC API now always uses TLS.
- Updated license to AGPLv3.
- Windows and macOS binaries are now signed.
Release 0.2.7
This is the next point release of Velociraptor.
This release brings many features:
- Velociraptor can use autocert to provision its own SSL certs.
- Velociraptor now supports OAuth so it can be used with Google's SSO.
- Hunts flow is now reworked to be much simpler.
- Lots of GUI improvements:
  - Artifact editor allows users to copy and tweak existing artifacts.
  - Removed a lot of old GRR GUI elements which are no longer used.
The details are described in our blog posts:
Release 0.2.6
This is the next point release of Velociraptor.
Highlights of this release include:
- Added interactive shell and execve() VQL plugin. It is now possible to write artifacts which run arbitrary commands on the client.
- Server side VQL can be used to watch client monitoring events and raise alerts.
- Added artifact acquisition, which allows running multiple event artifacts concurrently to watch and react to rules.
The details are described in our blog posts:
Release 0.2.5
This is the next point release of the Velociraptor DFIR tool.
This release introduces the event monitoring framework. This allows Velociraptor to watch event logs and record process execution logs on Windows.
More details in the workshop slides:
https://docs.velociraptor.velocidex.com/blog/html/2018/11/13/velociraptor_training_at_nzitf.html
Release 0.2.4
Welcome to the next point release of Velociraptor.
This release brings YARA integration and raw NTFS support.
More details on our blog https://velociraptor-blog.velocidex.com/
Point release 0.2.3
Welcome to the next point release of Velociraptor - an advanced endpoint monitoring and response tool based on the Velocidex Query Language (VQL).
This release introduces the new client communication protocol. This allows Velociraptor clients to be
responsive and fast and offers a huge improvement over previous releases. Read more about this on our
blog at https://velociraptor-blog.velocidex.com/2018/09/velociraptors-client-communication.html
Binaries for Linux and Windows are available:
- Linux: velociraptor_0.2.3.elf e74588ebbeae30c0f9387619fb2ae9772627ef121865cabde435d4350338a919
- Windows: velociraptor_0.2.3.exe 5ef5c39164d577d6703d0ef56c67b7d80a77ace1b3f980edf7868ec2e1e0ed74
Initial alpha release
First alpha release.
Only suitable for testing. Please send feedback to [email protected] or file issues on https://gitlab.com/velocidex/velociraptor/
Welcome to the first public release of Velociraptor - an advanced endpoint monitoring and response tool based on the Velocidex Query Language (VQL).
More information about project motivations and design can be seen on our blog https://velociraptor-blog.velocidex.com
Binaries for Linux and Windows are available:
Linux: 7becee1aca428c1d187fba654e711371f4f32847393eebac2b9c90fdfec76b91
Windows: 05e3bd5c85b8a1a15c418b175fa2940636e8bcc19d27d94f50ce071d6405d5f8