ZAIUX® Evo Changelog

Follow the evolution of ZAIUX® Evo and discover the latest published changes and newly added features that make it increasingly powerful and versatile.

v2.6.1

2024-04-04
  • Optimized choice of password spraying targets
  • Improved sandbox detection
  • Optimized AD enumeration in case of partial results
  • Removed GPO-related techniques due to possible stability issues
  • Minor UI and report fixes
  • Fixes in browser password parsing

v2.6.0

2024-03-16
  • Extended Ransomware simulation with encryption of files in all the visible shares for all the computers with running implants
  • Added alternative deployment method via PowerShell command
  • BAS timing optimizations
  • New optional Site-related contact info

v2.5.2

2024-03-06
  • New technique "Kerberos tickets enumeration"
  • New technique "Pass the ticket"
  • New technique "Spooler service enumeration"
  • New technique "Unconstrained delegation"
  • New technique "WinSCP credentials enumeration"
  • Improved situational awareness technique to gather information about Active Directory groups and computers
  • Report improvements

v2.5.1

2024-02-15
  • Optimization of the report to exclude long outputs from some low-severity techniques
  • Improvement of the Resilience section in the report to also show resilient users
  • Fixes for handling agents in sandboxes

v2.5.0

2024-02-10
  • Integration of ZAIUX Evo and ZAIUX Framework: now ZAIUX Framework users can configure the BAS indicating an on-prem team server, which inherits the status of the BAS, as well as its active agents, to continue the activities with a human Red Team.

v2.4.0

2024-02-04
  • Added support for scenarios in which no complete AD enumeration can be performed
  • Added a situational awareness technique to gather information about the domain and the domain controller
  • Updated various techniques to gather additional contextual information

v2.3.12

2024-01-23
  • Machine Account Quota discovery attack
  • Bug fixes

v2.3.11

2024-01-19
  • Added exploitation of multiple ADCS Certificate templates
  • Improved handling of AD and local users in technique outputs
  • Updated Attack planning criteria on newly spawned agents
  • Minor fixes on attack techniques

v2.3.10

2024-01-11
  • Minor bug fixes on attack techniques
  • Improvements on cryptographic key management

v2.3.9

2023-12-13
  • New password spraying technique
  • Direct management of excluded machines with no IP range and exclusion input fields
  • Bug fixes

v2.3.8

2023-12-01
  • Improved LSASS dump attack with PPL check

v2.3.7

2023-11-28
  • Minor optimizations and bug fixes

v2.3.6

2023-11-13
  • Updated SMB implant
  • Updated attacks that involve SMB implant

v2.3.5

2023-11-07
  • Display of only the most relevant hosts in the Graph View for large networks

v2.3.4

2023-11-06
  • New UAC Bypass technique
  • Bug fixes