@scudette scudette released this Sep 30, 2019 · 21 commits to master since this release

This is the next point release for Velociraptor: 0.3.4

This release introduces many bug fixes and performance improvements. The main features in this release include the porting of the KapeFiles repository into a single artifact. The KapeFiles rules are geared toward forensic file collection for triage. The Velociraptor artifact also implements VSS deduplication, retrieving all relevant versions of the files collected.

This release also includes a number of interesting artifacts:

  • I30 scanning for recovering potentially deleted files.
  • Autoruns artifact - this artifact uses Sysinternals Autoruns to find potentially malicious programs. It is an excellent example of how third-party tools can be integrated with Velociraptor.
  • Kerberoasting collection - determines if a weak golden ticket is issued.

As always, file issues on the bug tracker or ask your questions on our mailing list.
