
Developer Roll Up: October 2020

Christopher Luft, LimaCharlie Co-Founder and Creative Technologist


The team at LimaCharlie has been busy! We have been growing our ranks and putting the development pedal to the metal. Along with the bigger features that we roll out regularly, lots of little quality-of-life improvements are being made all the time. Keeping everybody aware of these ongoing enhancements through a monthly blog post seems like a great idea, so we present the first monthly feature roll-up. At the end of every month we will publish a blog article with a high-level overview of all of the new features and improvements.

Feature requests and general inquiries can be directed here: limacharlie.io/user-ticket

PagerDuty and Twilio Services

Two new Services allow for the creation of alerts/messages on PagerDuty and Twilio.

These are designed to be used mainly as part of D&R rule actions to trigger the escalation of an alert. They can also be used by other Services.

Sensor v4.21.3 Comes with New Super Powers

The new version of the agent comes with the ability to use scripts (like .bat files) as Payloads, along with a small performance tweak.

The ability to run a script is provided by letting you set the file extension of the Payload. This is done by adding the extension to the Payload name. For example, if you create a new Payload named extract everything.bat, the temporary file name of the Payload when it is sent to the endpoint will end with .bat, which makes Windows interpret the Payload as a batch file. This mechanism should allow the execution of any file type that is associated with execution on the endpoint. It is the equivalent of starting a shell and just "calling" the payload.

Dumper Service now supports dumping the MFT on Windows

We've added a new option, target, to the Dumper Service. This option supports memory (the default) and mft. MFT dumping behaves the same way as memory dumping, except that it dumps the MFT as a pipe-delimited CSV file of type mftcsv in the Artifact Collection system.

Artifact Collection Parsing for MFTCSV and CSV Types

The Artifact Collection system has two new parsers: mftcsv and csv. This means you can write D&R rules on the contents of the MFT dump announced above. The generic csv type will parse any CSV file, assuming the first line is a header definition of the columns.
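As an added illustration (not code from LimaCharlie or its parsers), here is a small Python parser for a pipe-delimited, header-first CSV like the MFT dump described above, together with a simplified rule evaluator that plays the role a D&R rule would play over the parsed rows. The column names, sample rows and rule are all constructed assumptions.

```python
import csv
import io
from typing import Callable, Dict, Iterable, List, Tuple

# Constructed sample of a pipe-delimited MFT dump whose first line is the
# column header. The column names are an assumption for illustration only.
SAMPLE_MFTCSV = """\
RecordNumber|InUse|FileName|ParentPath|Size|Created
16|1|notepad.exe|C:\\Windows\\System32|245760|2020-09-01 10:15:00
4011|1|invoice.pdf.exe|C:\\Users\\alice\\Downloads|81920|2020-10-20 08:02:11
4012|0|old_report.docx|C:\\Users\\alice\\Documents|44032|2020-06-11 09:00:00
"""

Condition = Tuple[str, str, str]  # (column, operator, expected value)

# Simplified rule: every condition must hold (logical AND). This evaluator is
# a hypothetical stand-in, not LimaCharlie's D&R engine or its rule syntax.
DOWNLOADED_EXE_RULE: List[Condition] = [
    ("InUse", "is", "1"),
    ("ParentPath", "contains", "\\Downloads"),
    ("FileName", "ends with", ".exe"),
]

_OPS: Dict[str, Callable[[str, str], bool]] = {
    "is": lambda actual, expected: actual == expected,
    "contains": lambda actual, expected: expected in actual,
    "ends with": lambda actual, expected: actual.endswith(expected),
}


def parse_mftcsv(text: str) -> List[Dict[str, str]]:
    """Parse pipe-delimited CSV, treating the first line as the column header."""
    reader = csv.DictReader(io.StringIO(text), delimiter="|")
    return [dict(row) for row in reader]


def find_matches(records: Iterable[Dict[str, str]],
                 rule: List[Condition]) -> List[Dict[str, str]]:
    """Return the records for which every condition of the rule holds.
    Comparisons are case-insensitive, matching Windows path semantics."""
    hits = []
    for rec in records:
        if all(_OPS[op](rec.get(col, "").lower(), want.lower())
               for col, op, want in rule):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_matches(parse_mftcsv(SAMPLE_MFTCSV), DOWNLOADED_EXE_RULE):
        print(f"record {hit['RecordNumber']}: {hit['ParentPath']}\\{hit['FileName']}")
```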