Releases: login-securite/lsassy

v3.1.10

17 Apr 09:16
0e05b59

Nothing really, messed up some stuff in my git bad skillz

v3.1.9

05 Nov 17:11
  • Add some tests 92e4ae4 (Still need some work to do, but better than nothing :))
  • Expiration time in ticket filenames f088fed & bc31c0e
  • Update EDRSandBlast module 041b91c
  • Fix deployment of tests by @noraj #85
  • Fix pretty output (and nice code refactor) by @n3rada #88

v3.1.8

08 Apr 11:13
14d8f8a

Hot fixes on new logging capabilities

  • Fix table output
  • Compatible with Python < 3.11
  • Handle --no-color parameter

Version 3.1.7

06 Apr 21:28
4e4b4e5

Merge #79: Update logging mechanism so that it now creates a logger and doesn't use the default logging object. Thank you @Marshall-Hallenbeck for this great clean up!

Version 3.1.6

17 Nov 15:09
f2ed41f
  • Update Pypykatz min version to get full results
  • Minor changes & fixes

Version 3.1.4

09 Nov 19:42
cf6caa7
  • Add SilentProcessExit method
  • Fix double output issue
  • Fix hard-coded /tmp path in EDRSandBlast dump method for Windows compatibility

Version 3.1.3

06 Jul 07:48

Hot fix

When using --no-masterkeys flag, no credentials would be returned.

Change default

Default was to display masterkeys. Now, flag --masterkeys needs to be used.

Version 3.1.2

30 Jun 18:36
15a3264

Improvements

  • Add usable TGT in credentials output
  • TGTs are automatically dumped and saved locally
  • Add SQLDumper method (Thanks Luis Rocha for SQLDumper technique)
  • Add nanodump_ssp dump method (#70 thanks to @snovvcrash)
  • Add rawrpc dump method (#74 thanks to @3gstudent)
  • Dissociate output and file format (#69 thanks to @D-XIII)
  • Add masterkeys in output (#71 thanks to @zblurx)
  • It's now possible to chain multiple commands on remote host to dump lsass (see comsvcs_stealth.py for example)
  • Add --keep-dump parameter to keep lsass dump (no delete)
  • Add --no-color parameter to disable colored output (maybe useful for Windows)

Thank you @snovvcrash, @3gstudent, @D-XIII and @zblurx for your contributions!

v3.1.1

13 Dec 11:22
f72eeb9

Small update

Improvement

  • Add rdrleakdiag_time option for custom wait time for rdrleakdiag method

Fix

  • Fix issue where n.exe is the same for all threads for EDRSandBlast method

Version 3.1.0

10 Dec 17:16
703dc86

Features

  • Add --copy parameter to copy "cmd.exe" or "powershell.exe" to C:\Windows\Temp with a random name before using them for command execution
  • Add EDRSandBlast dump method, based on the technique from th3m4ks and Qazeer. It will upload their executable and the vulnerable driver to remove EDR kernel callbacks, dump lsass, and restore EDR kernel callbacks.
  • Add nanodump method from s4ntiago_p
  • Add Rdrleakdiag technique from 0gtweet

Improvements

  • Refactor dependencies to make it easier to create new dump modules based on compiled tools
  • Possibility to host tools on an SMB server and provide the share path to lsassy
  • Automatic listing of dump methods and execution methods in help
  • Update comsvcs_stealth technique using cyb3rops tweet info