mandiant · vm-packages · Dec 25, 2024 · Dec 25, 2024 · Dec 25, 2024 · Dec 25, 2024
diff --git a/packages/chainsaw.vm/chainsaw.vm.nuspec b/packages/chainsaw.vm/chainsaw.vm.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>chainsaw.vm</id>
-    <version>2.10.1</version>
+    <version>2.10.4</version>
     <authors>WithSecure Labs</authors>
     <description>Chainsaw provides a powerful 'first-response' capability to quickly identify threats within Windows forensic artefacts such as Event Logs and the MFT file.</description>
     <dependencies>

diff --git a/packages/chainsaw.vm/tools/chocolateyinstall.ps1 b/packages/chainsaw.vm/tools/chocolateyinstall.ps1
@@ -4,8 +4,8 @@ Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'chainsaw'
 $category = 'Forensic'
 
-$zipUrl = 'https://github.com/WithSecureLabs/chainsaw/releases/download/v2.10.1/chainsaw_all_platforms+rules.zip'
-$zipSha256 = '767c13000cca26adb23f3f320d2bd3fef78977ea50389658c1d5be941a90881e'
+$zipUrl = 'https://github.com/WithSecureLabs/chainsaw/releases/download/v2.10.4/chainsaw_all_platforms+rules.zip'
+$zipSha256 = 'e9512fb5c874c2f2bdd9c4c06c61f810b61ba2e5eff745a941c2d03613cdf952'
 
 $executableName = $toolName + "_x86_64-pc-windows-msvc.exe"
 

diff --git a/packages/cygwin.vm/cygwin.vm.nuspec b/packages/cygwin.vm/cygwin.vm.nuspec
@@ -2,12 +2,12 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>cygwin.vm</id>
-    <version>3.5.4</version>
+    <version>3.5.5</version>
     <description>Wrapper for cygwin and useful cygwin packages</description>
     <authors>Red Hat Inc.</authors>
     <dependencies>
       <dependency id="common.vm" />
-      <dependency id="cygwin" version="[3.5.4]" />
+      <dependency id="cygwin" version="[3.5.5]" />
     </dependencies>
   </metadata>
 </package>
diff --git a/packages/exiftool.vm/exiftool.vm.nuspec b/packages/exiftool.vm/exiftool.vm.nuspec
@@ -2,12 +2,12 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>exiftool.vm</id>
-    <version>13.6.0</version>
+    <version>13.10.0</version>
     <authors>Phil Harvey</authors>
     <description>A tool for reeding and writing file metadata</description>
     <dependencies>
       <dependency id="common.vm" />
-      <dependency id="exiftool" version="[13.6.0]" />
+      <dependency id="exiftool" version="[13.10.0]" />
     </dependencies>
   </metadata>
 </package>

diff --git a/packages/hayabusa.vm/hayabusa.vm.nuspec b/packages/hayabusa.vm/hayabusa.vm.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>hayabusa.vm</id>
-    <version>2.19.0</version>
+    <version>3.0.0</version>
     <authors>Yamato Security</authors>
     <description>Windows event log fast forensics timeline generator and threat hunting tool</description>
     <dependencies>

diff --git a/packages/hayabusa.vm/tools/chocolateyinstall.ps1 b/packages/hayabusa.vm/tools/chocolateyinstall.ps1
@@ -4,9 +4,9 @@ Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'hayabusa'
 $category = 'Forensic'
 
-$zipUrl = "https://github.com/Yamato-Security/hayabusa/releases/download/v2.19.0/hayabusa-2.19.0-win-x64.zip"
-$zipSha256 = 'cfac8c98aae65b1508fd4f922292962a50b8478a5f9958e22258d3512adacc5b'
+$zipUrl = "https://github.com/Yamato-Security/hayabusa/releases/download/v3.0.0/hayabusa-3.0.0-win-x64.zip"
+$zipSha256 = '3f89ca249cabae70374ce156d9f3f3fff7f69139bcfd24a0d12670596b30066b'
 
-$executableName = $toolName.ToLower() + "-2.19.0-win-x64.exe"
+$executableName = $toolName.ToLower() + "-3.0.0-win-x64.exe"
 
 VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $false -executableName $executableName
diff --git a/packages/hollowshunter.vm/hollowshunter.vm.nuspec b/packages/hollowshunter.vm/hollowshunter.vm.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>hollowshunter.vm</id>
-    <version>0.3.9.20240411</version>
+    <version>0.4.0</version>
     <authors>hasherezade</authors>
     <description>Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).</description>
     <dependencies>

diff --git a/packages/hollowshunter.vm/tools/chocolateyinstall.ps1 b/packages/hollowshunter.vm/tools/chocolateyinstall.ps1
@@ -4,10 +4,10 @@ Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'hollows_hunter'
 $category = 'Memory'
 
-$zipUrl = 'https://github.com/hasherezade/hollows_hunter/releases/download/v0.3.9/hollows_hunter32.zip'
-$zipSha256 = '3d96a22ea46952600e13bd1886314e3f0103750faa6bc79353851a15cf6d3431'
-$zipUrl_64 = 'https://github.com/hasherezade/hollows_hunter/releases/download/v0.3.9/hollows_hunter64.zip'
-$zipSha256_64 = 'f3ca153d51e32e892e2d8193307e5c75b82a3043072079fffa72c35c85d62bba'
+$zipUrl = 'https://github.com/hasherezade/hollows_hunter/releases/download/v0.4.0/hollows_hunter32.zip'
+$zipSha256 = '42773616f35e29929ece409e65a6706f78e7619c755d33dd2a9f25713d4b172b'
+$zipUrl_64 = 'https://github.com/hasherezade/hollows_hunter/releases/download/v0.4.0/hollows_hunter64.zip'
+$zipSha256_64 = 'a7267844674184319047b4874fe283535f623ee2d18dfb2704c541c7cdd7712d'
 
 VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -zipUrl_64 $zipUrl_64 -zipSha256_64 $zipSha256_64 -consoleApp $true
 
diff --git a/packages/pesieve.vm/pesieve.vm.nuspec b/packages/pesieve.vm/pesieve.vm.nuspec
@@ -2,12 +2,12 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>pesieve.vm</id>
-    <version>0.3.9.20240305</version>
+    <version>0.4.0</version>
     <authors>hasherezade</authors>
     <description>pe-sieve recognizes and dumps variety of implants within the scanned process.</description>
     <dependencies>
       <dependency id="common.vm" />
-      <dependency id="pesieve" version="[0.3.9]" />
+      <dependency id="pesieve" version="[0.4.0]" />
     </dependencies>
   </metadata>
 </package>
diff --git a/packages/sqlrecon.vm/sqlrecon.vm.nuspec b/packages/sqlrecon.vm/sqlrecon.vm.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>sqlrecon.vm</id>
-    <version>3.8</version>
+    <version>3.9</version>
     <authors>Sanjiv Kawa, Rasta Mouse</authors>
     <description>MSSQL toolkit for reconnaissance and post-exploitation</description>
     <dependencies>

diff --git a/packages/sqlrecon.vm/tools/chocolateyinstall.ps1 b/packages/sqlrecon.vm/tools/chocolateyinstall.ps1
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'SQLRecon'
 $category = 'Exploitation'
 
-$exeUrl = 'https://github.com/skahwah/SQLRecon/releases/download/v3.8/SQLRecon.exe'
-$exeSha256 = '979e62d0b229c4e988ea4b655cd7d26a992c3eb1457c9418b6ac42ad79f4d756'
+$exeUrl = 'https://github.com/skahwah/SQLRecon/releases/download/v3.9/SQLRecon.exe'
+$exeSha256 = 'ec7cc5641356b27e2e4654e043382708d3fda1ede7989849f40832631e800566'
 
 VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256
diff --git a/packages/vscode.vm/vscode.vm.nuspec b/packages/vscode.vm/vscode.vm.nuspec
@@ -2,12 +2,12 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>vscode.vm</id>
-    <version>1.95.3</version>
+    <version>1.96.2</version>
     <authors>Microsoft</authors>
     <description>VSCode is a modern, open-source code editor.</description>
     <dependencies>
       <dependency id="common.vm" />
-      <dependency id="vscode" version="[1.95.3]" />
+      <dependency id="vscode" version="[1.96.2]" />
     </dependencies>
   </metadata>
 </package>