Be notified of new releases
Create your free GitHub account today to subscribe to this repository for new releases and build software alongside 31 million developers.Sign up
This is the next release of Velociraptor.
This release brings many improvements to scalability and efficiency. The main features are:
- Velociraptor can now use self signed SSL for all connections (gRPC, client/server and GUI).
- Velociraptor can now dump process memory using the proc_dump() VQL plugin.
- Implemented exported files which are included in artifacts verbatim.
- Added the ability to set artifact parameters in GUI.
- Velociraptor can now collect dns query logs on the end point and stream to the server.
- Client side throttling allows heavy collections on the endpoint with minimal performance impact.
- Flow completion notifications allow VQL queries to track completed flows.
- Python bindings added.
- Console added for command line completion of VQL queries.
- VBA macro extractor can dump VBA macros from office documents.
- A fifo() VQL plugin allows to write artifacts with time detection (e.g. detect a successful login after 3 failed ones).
- Prometheus metrics
- Authenticode support.
- All connections now use TLS - gRPC API is always using TLS now.
- Updated license to AGPLv3.
- Window and macOS binaries are now signed.