Features:
- Detection for RunEx registry key added
- Detection for RunOnceEx registry key added
- Detection for .NET startup hooks added Fixes:
- Fixed a bug which prevented the detection of CmdAutoRun from working as intended.
Fixes:
- Fixed a bug which prevented -DiffCSV from working as intended.
Features:
- Detection for Office AI.exe hijacking
- Detection for Service Control Manager Security Descriptor tampering
- Detection for Explorer Context Menu hijacking Fixes:
- Fixed handling of system environment variables in the registry
- Fixed the bug in which the script blocked if one of the remote computers was not reachable
Features:
- Added the possibility of passing a Virustotal API key and check if the hash of the detected file is known.
- Malicious Office Templates are now detected
- New license has been implemented.
Fixes:
- Fixed 3 lines of code dealing with minor bugs
Features:
- Added the following persistence techniques:
- Screensaver
- BITS JOb NotifyCmdLine
- Power Automate
Features:
- Added the following persistence techniques:
- AMSI Providers
- Powershell Profiles
- Silent Exit Monitor
- Telemetry Controller Commands
- RDP WDS Startup Programs
- Scheduled Tasks Fixes:
- Fixed minor typos here and there
Fixes:
- the PSM1 is now also signed (it was not in v1.7.0)
Features:
- add support for accessibility tools backdoor detection
Features:
- add support for RDP InitialProgram detection
Features:
- added the
PersistenceMethodparameter in order to selectively check for one persistence technique at a time
Features:
- the module is now digitally signed with a valid code signing certificate
Features:
- a number of new persistence checks have been implemented
Features:
- WMI event subscriptions persistence check has been implemented
Beta release