------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Release notes for 0.6.1.2 - Resurrection - Bug Fix

======================================
Bug Fixes
======================================
1. Fixed a bug in sharpinline where version v2 was not working with v4 CLR. Now Both v2 and v4 dotnet code can be run in v4 CLR unlike previously where it returned an error stating v2 is not supported in v4.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Release notes for 0.6.1.1 - Resurrection - Beta Feature Release

======================================
Ratel Server and Badger
======================================
1. Added scstart command to start local and remote services using winapi

======================================
Bug Fixes
======================================
1. Fixed screenshot download over fronted domain
2. Fixed process output listing for badgers which did not show other user processes sometimes 
3. Removed trailing spaces in commands mistakenly added by the user in commander
4. Added automatic addition of \\ in the 'cd' command

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Release notes for 0.6.1 - Resurrection - Beta Feature Release

======================================
Ratel Server and Badger
======================================
1. Added shadowcloak feature which extracts lsass dump and reroutes the dump to server without touching disk

======================================
Bug Fixes
======================================
1. Fixed badger count issue where logs were loading up in the same log for new connections on badger restoration
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Release notes for 0.6.0.3 - Resurrection - Bug Fix

======================================
Bug Fixes
======================================
1. Added patch to load png files instead of jpeg for badgers

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Release notes for 0.6.0.2 - Resurrection - Bug Fix

======================================
Bug Fixes
======================================
1. Fixed Crisis monitor bugs to find attached battery

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Release notes for 0.6.0.1 - Resurrection - Bug Fix

======================================
Bug Fixes
======================================
1. Added ExitProcess to reflective dlls so that the process does not crash
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Release notes for 0.6 - Resurrection

======================================
Commander
======================================
1. Added random listener name generation during new listener creation
2. Added Bind IP drop down box instead of having to enter the IP manually
3. Added option to auto-select bind host as the rotational host
4. Added Payload Generation Architecture GUI support to the context menu of listener and to the payload profiler. Replaced buttons in the payload profiler with a dropdown box
5. Added search and ldapquery option directly to the badgers terminal
6. Modified help output on screen to show affected and supported cmds for every command
7. Merged Scratchpad and Warmongers/Chat tablewidget
8. Added dark faded colors to mark the payloads which are dead
9. Added UTC to local date conversion support for last check in and useractivity
10. Added autohide button which hides all dead badgers. Badgers marked as dead and exited will automatically be hidden when this is enabled.
11. Removed Add URI since the core listener was enhanced to allow badgers to connect to any URI, and at the same time also providing the option to filter out the response to those URIs which can be done by adding custom html pages to a URI
12. Added Load adjacent tab, exitthread and exitprocess option to the context menu of badger.
13. Modified BadgerQParser to show pending commands. Command Queue will only show the main commands in queue instead of showing the full command with the file buffer (for file uploads/sharp/ps reflects)
14. Added saving the last used folder in memory for saving files via Commander
16. Badger's terminal will show more info, unlike before which only showed the PID and BID
17. Added Export to CSV option to Useractivity. Useractivity shows MITRE mappings along with every command executed
18. Single Commander file for all types of Linux distro

======================================
Ratel Server and Badger
======================================
1. Added position independent code for x86
2. Added x86 reflective dlls for badger modules
3. Added Token Vault feature which can store multiple stolen tokens using the 'grab_token' command
4. Added Sharpinline command to execute C sharp code without new process generation
5. Sharpreflect and Sharpinline now use a randomly generated appdomain everytime instead of the default app domain
6. Added 'coffexec' which has heavy support for Beacon Object Files of Cobaltstrike. Supported internal APIs are BadgerDispatch, BadgerDispatchW, BadgerStrlen, BadgerWcslen, BadgerMemcpy, BadgerMemset, BadgerStrcmp, BadgerWcscmp, BadgerAtoi functions. Entrypoint for coffexec is coffee
7. Added 'list_modules' command to list loaded DLLs in the current process or target process
8. Added 'list_exports' command to list exports of a given DLL
9. Added 'memhunt' command to hunt for memory regions in current or target process with any page permissions
10. Added 'suspended_run' to create a new process in a suspeneded state
11. Added 'crisis_monitor' feature which can add an event to monitor changes in power status, user login and log off for terminal session monitoring and more
12. Added 'set_killdate' and 'get_killdate' commands to auto kill badger on a given date in the RFC822 format
13. Added exit thread and exit process functionality. If a shellcode is injected in a process, the exitthread will only exit the thread and not the full process.
14. Added more detailed information on the 'ps' command (process listing)
15. Modified tcp scans to support port-range scanning and print output dynamically
16. AMSI/ETW patching will now only patch if the CLR version is 2.0.
17. Removed objexec, get/set_objexec since coffexec performs a better job at executing object files
18. Updated help with supported and affected commands
19. Added feature to mark dead badgers which do not connect back. This can be used to filter out dead badgers
20. Removed Adversary Simulations code since Clickscripts replaces the Adversary Simulation option
21. Added badger's connection notification to Socks (Boomerang)
22. During payload/rdll injection, the badger will automatically find which is the current payload type: x86 or x64 validation, and generate payload according to the architecture for injection
23. Added logging for psexec, upload and download which logs the name, path and hashes for every file uploaded or downloaded
24. Added Brute ratel sample profile generator and parser which can be used with the '-sp' command
25. Modified psreflect and sharpreflect with the new code. The newly generated code is only 30kb in size
26. Fixed 'wmispawn' example in the help options
27. Updated Go Compiler to 'go1.16.6 linux/amd64'
28. Added RC4 encryption support alongside AES256 and RSA to encrypt selected sensitive strings in memory
29. Added option in the ratel server to create sample configuration
30. Changes were make to the command registration in badger profiles. Need an additional "arch":"x64" or "arch":"x86" in the profiler to validate the type of the payload command registered
31. The 'dcsync_inject' command is now removed since there are already 'dcsync' and 'mimikatz' command, both of which can perform DCSync.

======================================
Bug Fixes
======================================
1. Added bug-fix to change payload-profiler password when listener password is changed.
2. Fixed a bug which always showed 'regular' auth in the listeners table instead of the OTA where needed
3. Fixed download percentage bug in badgers.
4. Renamed spelling mistake of 'arguement' to 'argument' in the terminal commands

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Release notes for 0.5.0.3 - Syndicate

======================================
Bug Fixes
======================================
1. Fixed 'Camouflage' bug where the Camouflage was not getting injected due to changes in the PE Header
2. Fixed a bug in the 'autosave' feature which was printing 'profile not saved' even after saving the configuration file.
3. Fixed a post response bug for deauthenticated badgers and custom root page.
4. Fixed crashing of socksbridge upon taking an extremely long useragent

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Release notes for 0.5 - Syndicate

======================================
Commander
======================================
1. Modifed user interface to make it a smoother experience for the user. Moved Downloads, LdapSentinel, AdvSim and other UI to dock widgets.
2. Added Watchlist window for logging events, web activity, warmongers activity and chat window. Removed 'Archives' tab and integrated 'Downloads' and 'View Logs' tab seperately.
3. Modified user inteface for Ldap Sentinel.
4. Added Click Scripting feature to automate execution of badger commands in bulk.
5. Removed samdump, shadowclone and other one-click tasks from right click of badger since these are one-click commands which can be executed directly from the badger's terminal or from Riot Control.
6. Remapped error box popups to errors only prompting in the UI as a text. Added PowerShell payload generation capability which can be accessed from Commander's Payload profiler or by Right Clicking a listener.
7. Added Splitters to resize dock widgets.
8. Added Downloads broadcast feature. As soon as new files are downloaded, the downloads tab will popup automatically.
9. Added 'Autosave' button to automate saving of Brute Ratel's configuration file. All badger initialization information will be stored in the config file inclusive of tokens used by badgers for authentication.
10. Statistics are now moved to the bottom right part of the page

======================================
Ratel Server and Badger
======================================
1. Added custom exported function hunter in replacement of GetProcAddress. None of the badger commands use GetProcAddress anymore.
2. Added PowerShell Payload generation capability which can be accessed from Commander's Payload profiler or by Right Clicking a listener.
3. Added 'pivot_winrm' functionality which can be used pivot across systems using winrm without dropping any payload to disk. Badgers using pivot_winrm will be executed in memory.
4. Added WMISpawn feature which can be configured to run with custom WMI namespace and user credentials to run WMI queries in memory without creating any new process.
5. Ported Ldap Sentinel from clang to mingw. Reduced the size of reflective DLL from 245 kb to 38kb in memory
6. Added 'raw query' mode for Ldap sentinel which can be used to perform raw ldap queries.
7. Ported 'mimikatz' functionality. Mimikatz can be loaded with badger's loader with stripped PE Sections to avoid detection in memory.
8. Bruteratel contains 2 customized versions of DCsync, one which uses tokens generated from passwords and one which uses process tokens. Both of them work independently from the 'mimikatz' command.
9. Added portscan functionality to scan a given host with multiple port numbers.
10. Added share enumeration feature which takes in a given hostname and can check for privileges on the host and show available shares.
11. Added AMSI patching and EtwEventWrite patching to psreflect and sharpreflect commands; Fixed dotnet CLR loading prompt for for CLR 2.0 for psreflect/sharpreflect.
12. Added new x64 Loader for RW+RX permissions. Modified Shellcode for VirtualAlloc+CreateThread. All reflective loaders were rewritten from scratch to avoid leaving any artefacts in memory.
13. Added Click Scripting feature to load commands from a json file to automate execution of badger commands in bulk.
14. Modified 'upload' command for enhanced upload speed.

======================================
Bug Fixes
======================================
1. Fixed Regsitry query for REG_BINARY which did not return binary text response. 
2. Fixed bug where 'rootpage' was unable to load custom rootpage on the base URL of a listener.
3. Fixed shellcode crashing on older windows 7 versions which did not have combase.dll. Replace combase.dll functionality from the functions in ole32.dll for windows 7, 2012 and 2008 servers.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Release notes (minor update) for 0.4.2 - Chaos Theory

======================================
Ratel Server and Badger
======================================
1. Brute Ratel can now block non-microsoft DLLs from loading into the injected process. The dll_block and dll_unblock can respectively enable and disable DLL blockings into remote processes.

======================================
Bug Fixes
======================================
1. SMB pipe name in Edit Payload Profiler used to add "\\.\pipe\" automatically. In the current release, this will not be added directly. This is only for Edit Payload Profile option
2. Earlier Listener names was able to use spaces, but this broke payload profiler which did not accept spaces. From this release, the spaces in listener name will be automatically replaced with a hyphen.
3. There was a bug in the graphing script which incorrectly loaded the graphs for the listeners. This is now fixed in the current version

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Release notes for 0.4.1 - Chaos Theory

======================================
Commander
======================================
1. Added Adversay Simulation UI to Commander. Commander can load a simulation config from a json file via ratel server to load a set of commands for simulation. A sample configuration file and artefacts for APT33 group is stored in the simulations directory
2. HTTP Payloads can be generated directly by right clicking the listener now. For every new listener created, a new payload profile will automatically be added to the payload profilers list.
3. Listener creation has a direct option to add useragent, extra headers for payload and rotational redirectors.
4. Moved listener auth to right click of listener->listener actions->view authentication.
5. Added enter button to go to next line on the username/password page and the login button now accepts enter button.

======================================
Ratel Server and Badger
======================================
1. Added Adversary Simulation Profiler. A user can create a json based simulation profile which includes commands to simulate a threat actor
2. Added SSL keys as mandatory in the command line parser.
3. Changed the 'driver list' command to 'drivers'
4. Added several process injection and memory allocation techniques. New commands 'set_malloc/get_malloc' and 'set_threadex/get_threadex' can be used to change memory allocation and execution artefacts.
  - Memory Allocation for Process Injection
    - VirtualAllocEx, WriteProcessMemory
    - NtCreateSection, NtMapViewOfSection, RtlCopyMemory
  - Thread Execution for allocated Memory
    - CreateRemoteThread
    - RtlCreateUserThread
    - QueueUserAPC, ResumeThread
    - QueueUserAPC, NtResumeThread
    - QueueUserAPC, NtAlertResumeThread
    - NtQueueApcThread, ResumeThread
    - NtQueueApcThread, NtResumeThread
    - NtQueueApcThread, NtAlertResumeThread
5. Added 'scdivert' feature which can change the service binary path for an existing service. EDRs service configuration can be changed and the system can be rebooted to disable EDRs altogether. This will only work for those EDRs which do not hook their own registry to look for changes
6. Added 'psgrep' feature which can search a process from process list and only return a specific process. The 'ps' command still exists if you want to take a look at all processes. This feature was added to quickly search for a process and inject a shellcode/payload config to that.
7. Added 'ipstats' feature which returns a more detailed output than 'ipconfig' of windows. This command returns network related information including names of VPN adapters, their IP addresses, gateways and other DNS/Adapter information.
8. Added contact_harvester command to extract and dump contacts from Outlook's Global Address List.
9. Updated server conf sample profile to server_confs folder
10. Creating a new listener via profile file or via GUI will now automatically create a payload profile for the same listener.
11. Brute Ratel is now built for kali and ubuntu seperately since kali has the latest C++ libraries. You find both the versions in the Brute Ratel directory with the same naming convention.

======================================
Bug Fixes
======================================
1. Fixed Android Handler bug to read Unicode output from the websocket of ratel server
2. Fixed Commander Handler bug to read Unicode output from the websocket of ratel server
3. Fixed Ratel Server's bug to read Unicode output from the HTTP request of badgers
4. Fixed error handling for the ratel server. Parses input in a more optimized and a faster way.
5. Fixed ratel server crash for error handling.