Skip to content

Releases: yarox24/EvtxHussar

EvtxHussar v1.8

16 Jun 17:26
@yarox24 yarox24
1.8
338ff7b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
EvtxHussar v1.8 Latest
Latest
  • New function: Chart generation (Event frequency distribution) - Live chart demo
  • Chart generation note: It' assumed that *.evtx files in the same directory got the "same" hostname (e.g. based on newest Security.evtx log)
  • Remove a panic() from lot of a code. Replaced with error message. Related to issue: #6
Assets 4
Loading

EvtxHussar v1.7

06 May 15:53
@yarox24 yarox24
1.7
8e8652a
Compare
Choose a tag to compare
EvtxHussar v1.7
  • Added SMB maps (SMB_ClientDestinations, SMB_ServerAccessAudit, SMB_ServerModifications)
  • Added 4 Event ID's to Accounts_UserRelatedOperations_Security
  • Added Event ID 1029 to RDP_TerminalServices_RDPClient_Operational
Assets 4
Loading

EvtxHussar v1.6b

14 Nov 20:52
@yarox24 yarox24
1.6
e09a063
Compare
Choose a tag to compare
EvtxHussar v1.6b
  • Added XOR encryption flag (--scriptblockxor) for reconstructed PowerShell scriptblocks (to prevent their deletion by AV)
  • Added --includeonly, --excludeonly to better control which maps will be filtered from execution (as a preparation for Velociraptor plugin)
  • Removed map: ActiveDirectory Computer Accounts
  • Added map: Audit - Policy change
  • Added map: Boot up/Restart/Shutdown
  • Enhancing GroupMembership field by SID List names
  • Added append_to_field() function
  • Added keywords to support better Security Events (Success/Failure)

Version 1.6b changes:

  • Minor fix related to --scriptblockxor option
Assets 4
Loading

EvtxHussar v1.5

23 Jul 12:51
@yarox24 yarox24
1.5
fe7e7dd
Compare
Choose a tag to compare
EvtxHussar v1.5
  • Support for Windows Defender AV logs
Assets 4
Loading

EvtxHussar v1.4

17 Jun 16:40
@yarox24 yarox24
1.4
961e30b
Compare
Choose a tag to compare
EvtxHussar v1.4
  • Support for RDP logs
  • Support for Windows Firewall logs
  • Introducing Logic engine (for. example event 4624 with Logon Type 10 is appended to RDP log)
  • Support for Symantec Network Protection logs
  • Minor fix for loading .evtx files
Assets 4
Loading

EvtxHussar v1.3

08 May 18:18
@yarox24 yarox24
1.3
d9d14a7
Compare
Choose a tag to compare
EvtxHussar v1.3

Changes:

  • Support for WinRM logs
  • Better handling of dirty .evtx files
  • Fixed Linux powershell scriptblocks directory creation permissions
  • OrderedDict case-insensitive errors
Assets 4
Loading

EvtxHussar v1.2

01 May 09:47
@yarox24 yarox24
1.2
4eb2abd
Compare
Choose a tag to compare
EvtxHussar v1.2

Changes:

  • Support for logon related events
  • Excel now split output to multiple files when exceeding million of rows
  • Minor time changes (Appending zeros)
Assets 4
Loading

EvtxHussar v1.1a

28 Apr 17:36
@yarox24 yarox24
1.1a
6310615
Compare
Choose a tag to compare
EvtxHussar v1.1a

Changed name convention of Windows executable

Assets 4
Loading

EvtxHussar v1.1

27 Apr 16:41
@yarox24 yarox24
1.1
3ed6f04
Compare
Choose a tag to compare
EvtxHussar v1.1

Changelog:
Fixed wrong EventTime present in all events.

Assets 4
Loading