Changelog ZAIUX® Evo

Follow the evolution of ZAIUX® Evo and discover the latest published changes and the newly added features that make it increasingly powerful and versatile.

v2.7.4

2024-07-23
  • Improved RDP client credentials attack
  • Added ADCS ESC4 vulnerable certificate template discovery

v2.7.3

2024-07-15
  • Added material to the Partner Program page
  • Added download button for the English version of the datasheet

v2.7.2

2024-07-12
  • Added 3 new Active Directory health check tests
  • Improved queries for AD enumeration
  • Optimized planning policies for some techniques
  • Updated malware for initial deployment
  • Updated UAC-bypass techniques for local privilege escalation

v2.7.1

2024-07-03
  • Fixed duplicated LPE attack description
  • Optimized readability of some techniques' results
  • Added new tests to the Active Directory health check
  • Improved CAs parsing
  • Minor bugfixes

v2.7.0

2024-06-25
  • New partner area available on the dashboard
  • In-memory PE execution updated to evade specific EDR detections
  • Improved implant stability
  • Minor bugfixes

v2.6.13

2024-06-20
  • Optimizations for information gathering techniques regarding local privileges and processes
  • Improved stealthiness of RDP credentials download

v2.6.12

2024-06-18
  • Improved ADCS vulnerable certificate templates discovery and description

v2.6.11

2024-06-17
  • Updated keying mechanism
  • Optimized preliminary EDR detection phase
  • Fixed a memory allocation bug during process enumeration
  • Minor updates for technique descriptions in the report
  • Minor bug fixes

v2.6.10

2024-06-11
  • Added new technique: GPP Credentials Extraction
  • Improved Lateral Movement abusing Remote Desktop Protocol
  • Added various evasion features
  • Improved stability
  • Minor bugfixes

v2.6.9

2024-06-04
  • New technique Certify Pre-Owned ESC3
  • Improved data analysis for ADCS certificate templates during the AD enumeration phase

v2.6.8

2024-05-24
  • Fixed a race condition during the sleep obfuscation phase which caused the implant to hang
  • Improved thread stack spoofing at-rest

v2.6.7

2024-05-21
  • Optimized LDAP queries during the AD enumeration phase
  • Improved data analysis for ADCS discovery during the AD enumeration phase

v2.6.6

2024-05-13
  • Internal refactoring
  • Minor report optimizations

v2.6.5

2024-05-06
  • Chart added to the report
  • Context Analysis bypass improved during Sleep Obfuscation
  • Added enhanced CFG Bypass support
  • Various bugfixes

v2.6.4

2024-04-30
  • New lateral movement technique leveraging AppDomain injection
  • Improved Active Directory enumeration via custom .NET collector
  • Improved LDAP query parsing
  • Added detailed information about abused protocols during lateral movement
  • Report visualization improvement
  • Minor bug fixes

v2.6.3

2024-04-22
  • Improved parsing of LDAP queries
  • Bug fix in local privilege escalation technique 1

v2.6.2

2024-04-19
  • Added support for lateral movement leveraging local administrators
  • Added compromised domain users list to the report
  • New plots in report
  • LDAP query optimization
  • New attack leveraging Constrained Delegations
  • Improved realism of Ransomware Simulation with additional encrypted files
  • Optimized ETW evasion
  • Added button for changelog and technical datasheet (ITA only)

v2.6.1

2024-04-04
  • Optimized choice of password spraying targets
  • Improved sandbox detection
  • Optimized AD enumeration in case of partial results
  • Removed GPO-related techniques due to possible stability issues
  • Minor UI and report fixes
  • Fixes in browser password parsing

v2.6.0

2024-03-16
  • Extended Ransomware simulation with encryption of files in all the visible shares for all the computers with running implants
  • Added alternative deployment method via PowerShell command
  • BAS timing optimizations
  • New optional Site-related contact info

v2.5.2

2024-03-06
  • New technique "Kerberos tickets enumeration"
  • New technique "Pass the ticket"
  • New technique "Spooler service enumeration"
  • New technique "Unconstrained delegation"
  • New technique "WinSCP credentials enumeration"
  • Improved situational awareness technique to gather information about Active Directory groups and computers
  • Report improvements