
v1.2.0

Released by github-actions on 27 Apr 08:04, commit db32f89

Release Notes

New features

  • a filament that identifies executable or script files downloaded onto the host through a TeamViewer file-transfer session
  • reverse DNS lookups for event IP addresses
  • function calls in filter expressions, with an initial set of two functions: cidr_contains and md5
  • dip.names and sip.names filter fields (hostnames obtained from the reverse DNS lookup of the destination and source IP)
  • unary not operator in filters
  • matches and imatches wildcard string-matching operators (imatches is case-insensitive)
  • fields may now appear on both the left-hand and right-hand side of a filter expression, so field-to-field comparisons are possible
  • full and slim MSI-based Windows installers

Enhancements

  • introduce a new file.extension filter field
  • documentation website tweaks
  • make all string operators evaluable against list-valued fields
  • test refactoring
  • satisfy all code linters
  • upgrade to the latest go-yara package
  • improvements in the handle interceptor when publishing deferred CreateHandle events
  • reduce the number of TdhGetPropertySize API calls for parameters whose size is statically known
  • prettify fibratus version output
  • modularize and improve signal handling
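
The new filter primitives listed above (the cidr_contains function, the unary not operator, the matches/imatches operators, and string operators applied to list-valued fields such as sip.names) compose into a single expression. The Go program below is an added illustration of those semantics and is not Fibratus's own filter engine: the Event struct, the function names, the wildcard rules (taken from path.Match), the example filter, and the sample event values are all constructed for this example.

```go
package main

import (
	"fmt"
	"net"
	"path"
	"strings"
)

// Event is a constructed stand-in for the handful of fields a Fibratus
// network or file event exposes. This is illustration code, not the
// project's own event model.
type Event struct {
	SIP      string   // net.sip
	SIPNames []string // sip.names: hostnames from the reverse DNS lookup
	FileName string   // file.name
}

// cidrContains mirrors the intent of the cidr_contains(field, cidr)
// filter function: true when the address lies inside the CIDR block.
// Malformed input is treated as "not contained" rather than as an error.
func cidrContains(ip, cidr string) bool {
	_, block, err := net.ParseCIDR(cidr)
	if err != nil {
		return false
	}
	addr := net.ParseIP(ip)
	return addr != nil && block.Contains(addr)
}

// matches applies a wildcard pattern ('*' and '?') to one string, using
// path.Match as an assumed approximation of the matches operator.
func matches(value, pattern string) bool {
	ok, err := path.Match(pattern, value)
	return err == nil && ok
}

// imatches is the case-insensitive variant of matches.
func imatches(value, pattern string) bool {
	return matches(strings.ToLower(value), strings.ToLower(pattern))
}

// anyMatches evaluates a string operator against a list-valued field:
// the expression holds if any element satisfies the operator.
func anyMatches(values []string, pattern string, op func(string, string) bool) bool {
	for _, v := range values {
		if op(v, pattern) {
			return true
		}
	}
	return false
}

// Evaluate is the hand-compiled form of the (assumed) filter
//
//	not cidr_contains(net.sip, '10.0.0.0/8') and
//	(sip.names imatches '*.teamviewer.com' or file.name imatches '*.exe')
//
// i.e. an external peer that either resolves to a TeamViewer hostname or
// is involved with an executable file.
func Evaluate(e Event) bool {
	return !cidrContains(e.SIP, "10.0.0.0/8") &&
		(anyMatches(e.SIPNames, "*.teamviewer.com", imatches) ||
			imatches(e.FileName, "*.exe"))
}

func main() {
	// Constructed sample event: an external peer and a file in Downloads.
	ev := Event{
		SIP:      "203.0.113.7",
		SIPNames: []string{"relay.example.net"},
		FileName: `C:\Users\alice\Downloads\setup.EXE`,
	}
	fmt.Println("filter matches:", Evaluate(ev)) // true
}
```

Note that matches is case-sensitive while imatches is not, so an `.EXE` suffix only passes the second form; and a list-valued field passes as soon as one element matches, so an empty list never matches.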

Bug fixes

  • fix data races in the kcap reader/writer
  • prevent data races on the AMQP connection
  • the YARA scanner now allocates a fresh scanner for each scan run
  • fix the RecvUDPv4 event type GUID
  • the handle interceptor now returns the CloseHandle event when it is entered into the deferred map