
Sync to head #2034

Merged
merged 26 commits into from
Aug 30, 2022
Conversation

scudette
Contributor

No description provided.

scudette and others added 26 commits August 16, 2022 12:58
Make cookie and JWT expiry configurable
* Used by process_tracker_tree() to build a process tree
* Fixed linux pslist() which was very slow due to including a lot of
  unnecessary and expensive fields. We now only return the commonly
  used fields
* Collect domain role info on interrogate

If populated on check-in, domainrole can be used to auto-tag or filter down for certain hunts (i.e. domain controllers).

Ref: https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-computersystem#:~:text=workgroup%20is%20returned.-,DomainRole,-Data%20type%3A

* Cleaned up domain role lookup and added a notebook suggestion

Co-authored-by: Mike Cohen <mike@velocidex.com>
…TH2 (#2000)

I was able to crash Velociraptor by requesting the github authenticator
callback URL directly with e.g. curl https://vrrserver/auth/github/callback

It turns out that there was no error handling if there was no 'oauthstate'
cookie provided as part of the request, and we hit a nil pointer
dereference panic. The Google and Azure authenticators had the same
issue.

This commit fixes all three and resolves #1999.
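The failure mode described in this commit, shown as an added Go example that is not Velociraptor's code: `r.Cookie` returns `http.ErrNoCookie` when the cookie is absent, and a handler that discards that error dereferences a nil `*http.Cookie`. The handler names, the `exercise` helper and the sample state value are constructed here; only the cookie name `oauthstate` and the callback path come from the commit message.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Cookie name taken from the commit message; the handlers below are illustrative.
const stateCookieName = "oauthstate"

// unsafeCallback ignores the error from r.Cookie. A request that carries no
// oauthstate cookie makes cookie nil, and cookie.Value panics.
func unsafeCallback(w http.ResponseWriter, r *http.Request) {
	cookie, _ := r.Cookie(stateCookieName)
	if r.FormValue("state") != cookie.Value { // nil pointer dereference when absent
		http.Error(w, "invalid oauth state", http.StatusBadRequest)
		return
	}
	fmt.Fprintln(w, "state ok")
}

// safeCallback checks the error first and rejects the request with 400
// instead of crashing the process.
func safeCallback(w http.ResponseWriter, r *http.Request) {
	cookie, err := r.Cookie(stateCookieName)
	if errors.Is(err, http.ErrNoCookie) {
		http.Error(w, "missing oauth state cookie", http.StatusBadRequest)
		return
	}
	if err != nil {
		http.Error(w, "bad oauth state cookie", http.StatusBadRequest)
		return
	}
	// Constant-time comparison of the cookie against the state query parameter.
	if cookie.Value == "" ||
		subtle.ConstantTimeCompare([]byte(cookie.Value), []byte(r.FormValue("state"))) != 1 {
		http.Error(w, "invalid oauth state", http.StatusBadRequest)
		return
	}
	fmt.Fprintln(w, "state ok")
}

// exercise sends a constructed callback request to a handler, with or without
// the state cookie, and reports the status code and whether the handler panicked.
func exercise(h http.HandlerFunc, withCookie bool) (status int, panicked bool) {
	req := httptest.NewRequest(http.MethodGet, "/auth/github/callback?state=abc123", nil)
	if withCookie {
		req.AddCookie(&http.Cookie{Name: stateCookieName, Value: "abc123"})
	}
	rec := httptest.NewRecorder()
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	h(rec, req)
	return rec.Code, false
}

func main() {
	s, p := exercise(unsafeCallback, false)
	fmt.Printf("unsafe, no cookie:  status=%d panicked=%v\n", s, p)
	s, p = exercise(safeCallback, false)
	fmt.Printf("safe,   no cookie:  status=%d panicked=%v\n", s, p)
	s, p = exercise(safeCallback, true)
	fmt.Printf("safe,   with cookie: status=%d panicked=%v\n", s, p)
}
```

In a real server the panic is caught by `net/http` per connection, but the cost of the missing check is still an unauthenticated crash path that is trivially hit by a direct GET, so the cookie lookup error is the place to fail closed.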
- IP field was not properly parsed - replaced with a parse_binary()
  version to ensure backwards compatibility.
- By default parse_ese() was using the "file" accessor which in 0.6.5
  was changed to not fall back to NTFS parsing. This means that since
  UAL files are locked, the parser was unable to access them. This PR
  sets the accessor to "auto" explicitly, thereby forcing the NTFS
  parsing if needed.
Added rolename mappings and updated details.
Also allow the query command to specify an org id.
This makes it more efficient and simpler to filter by a large number of
regexes without adding a lot of AND clauses to the query.
Now all regex must match all items.
When performing a full sync (e.g. pslist), some of the processes have
no valid parent at this time (because the parent e.g. exited).

We need to mark those unknown parents in case a new process reuses
those pids - in this case the process call chain can accidentally
include those parents.
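The pid-reuse problem described in this commit, as an added Go illustration that is not Velociraptor's process tracker: tracker entries are keyed by a unique id rather than by pid, parents missing from a full sync are recorded as explicit unknown placeholders, and a later process that reuses an exited parent's pid gets a fresh entry, so the call chain of the orphaned child stops at the placeholder instead of running through the unrelated new process. The types, the `<unknown pid N>` naming and the sample listing are constructed here.

```go
package main

import "fmt"

// procInfo is one row of a full process listing (e.g. pslist output).
type procInfo struct {
	Pid  int
	Ppid int
	Name string
}

// node is a tracker entry. Links between entries use ids, not pids,
// because a pid can be reused once its owner exits.
type node struct {
	id      int
	pid     int
	name    string
	parent  int  // id of the parent entry, 0 for none
	unknown bool // placeholder for a parent absent from the listing
}

type tracker struct {
	nextID int
	byID   map[int]*node
	byPid  map[int]*node // currently live entry for each pid
}

func newTracker() *tracker {
	return &tracker{byID: map[int]*node{}, byPid: map[int]*node{}}
}

func (t *tracker) add(pid int, name string, parent int, unknown bool) *node {
	t.nextID++
	n := &node{id: t.nextID, pid: pid, name: name, parent: parent, unknown: unknown}
	t.byID[n.id] = n
	t.byPid[pid] = n
	return n
}

// fullSync ingests a complete listing. A ppid that is not in the listing
// (the parent already exited) is recorded as an unknown placeholder so the
// child keeps a stable link to "a process that exited" rather than to
// whatever process later reuses that pid.
func (t *tracker) fullSync(procs []procInfo) {
	added := map[int]*node{}
	for _, p := range procs {
		added[p.Pid] = t.add(p.Pid, p.Name, 0, false)
	}
	for _, p := range procs {
		if p.Ppid == 0 {
			continue
		}
		parent, ok := added[p.Ppid]
		if !ok {
			parent = t.add(p.Ppid, fmt.Sprintf("<unknown pid %d>", p.Ppid), 0, true)
			added[p.Ppid] = parent
		}
		added[p.Pid].parent = parent.id
	}
}

// start records a newly created process. If its pid matches a placeholder,
// the placeholder stays in place for its existing children and the new
// process gets its own entry, so the two are never chained together.
func (t *tracker) start(p procInfo) {
	parentID := 0
	if parent, ok := t.byPid[p.Ppid]; ok {
		parentID = parent.id
	}
	t.add(p.Pid, p.Name, parentID, false)
}

// callChain walks from the live process with the given pid up to the root,
// following entry ids; an unknown placeholder is reported and ends the walk.
func (t *tracker) callChain(pid int) []string {
	var chain []string
	n, ok := t.byPid[pid]
	for ok && n != nil {
		chain = append(chain, n.name)
		n, ok = t.byID[n.parent]
	}
	return chain
}

func main() {
	t := newTracker()
	// Constructed listing: pid 200's parent (300) has already exited.
	t.fullSync([]procInfo{{1, 0, "init"}, {100, 1, "sshd"}, {200, 300, "shell"}})
	// A new process later reuses pid 300 under sshd.
	t.start(procInfo{300, 100, "newproc"})
	fmt.Println(t.callChain(200)) // [shell <unknown pid 300>]
	fmt.Println(t.callChain(300)) // [newproc sshd init]
}
```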
* Refactor code to propagate the context in more cases.

* Fixed tests
* update to clean up null fields
* update to clean up null fields tests
* Add embedded stager parse usecase

* Add some test fixes

* Add test results

* Add test fix
This brings it in line with the same column name on Windows.

Also fixed a crash in user_grant() due to insufficient error
checking.

Fixes: #2022
When a user is created with no access to the root org, the GUI did not
automatically switch the user to their own org. This caused an issue
where the user was rejected (because by default they were trying to
access the root org) but there was no way to switch even manually to
the correct org.

This PR updates the user's preferences to the first available org
automatically allowing the user to log in and select other orgs
manually.
Also made maximum VFS directory size configurable.

Fixes: #2005
When following ETW the EventData is an unordered map so we need to
explicitly build a dict() to maintain consistent ordering.

Also fixed a bug in the USN artifact.
This caused it to stop emitting rows after a while because it was
unable to see new data.
fix: upgrade ace-builds from 1.8.1 to 1.9.3

Snyk has created this PR to upgrade ace-builds from 1.8.1 to 1.9.3.

See this package in npm:
https://www.npmjs.com/package/ace-builds

See this project in Snyk:
https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr
@CLAassistant

CLAassistant commented Aug 30, 2022

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
6 out of 7 committers have signed the CLA.

✅ scudette
✅ jeffmahoney
✅ svch0stz
✅ weslambert
✅ mgreen27
✅ baileys20055
❌ snyk-bot
You have signed the CLA already but the status is still pending? Let us recheck it.

@scudette scudette merged commit edc1369 into v0.6.6 Aug 30, 2022
@scudette scudette deleted the 0.6.6-merge branch August 30, 2022 14:06