HBIN Recon Changelog

v1.0.0.75

Released: 11-08-2024

  • General: Hunter module output now reflects VK record rather than non-resident data offsets

HBIN-Recon-v1.0.0.75.zip MD5 Hash = fbc0cc71d968c76041b4e53b009c2c9c


v1.0.0.74

Released: 11-04-2024

  • General: Improvements related to the experimental association of vk to non-resident data in Mode 2, with better handling of problematic scenarios such as duplicated hbins

  • General: Changed the previous "Confidence" column to "vk_mapping_verified" and it is now applied to Hunter Module and vk-specific output

HBIN-Recon-v1.0.0.74.zip MD5 Hash = 4ee2789efb1aa3db286fb32107a3317b


v1.0.0.73

Released: 11-01-2024

  • General: Many improvements to experimental association of vk to non-resident data in Mode 2. Extremely powerful when dealing with carved (and especially unorganized) hbins. New columns “potential_mapping” and “Confidence” support this feature.

  • Hunter Modules: New Office MRU Hunter module which identifies Microsoft Office Most Recently Used information

HBIN-Recon-v1.0.0.73.zip MD5 Hash = fae9ba9ebe011cc2465c37b98c137698


v1.0.0.71

Released: 10-28-2024

  • Task Hunter: New records which include Triggers, Date, and Hash

  • Task Hunter: Adjustments to experimental Mode 1 Task Hunter support for associating certain non-resident data to its vk record

  • Task Hunter: The Actions task_action identity is now split into a separate column, the existing DynamicInfo created column is now created2, and last_run_result now includes a human-friendly description

HBIN-Recon-v1.0.0.71.zip MD5 Hash = e2c4d705a5c4d27e858b09aa9403e640


v1.0.0.69

Released: 10-25-2024

  • Hunter Modules: New Task Hunter module which identifies scheduled task information

  • Hunter Modules: Experimental Mode 1 Task Hunter support for associating certain non-resident data to its vk record

  • General: Improved Mode 1 when dealing with particularly small records

HBIN-Recon-v1.0.0.69.zip MD5 Hash = 4e0c3fd839c6a3130e15727e7a7a6f76


v1.0.0.68

Released: 10-21-2024

  • Hunter Modules: New MAC Hunter module which identifies MAC addresses with a focus on BSSIDs

  • General: Carving from any input (Mode 4) now supports loose hive bin records

  • General: Improved DB schema to cover both nk & vk timestamps as well as inclusion of all records when importing with SQL

  • General: Various bug fixes

HBIN-Recon-v1.0.0.68.zip MD5 Hash = 374720db6196c16bbbfd72a663775126


v1.0.0.62

Released: 06-04-2024

  • Hunter Modules: UserAssist Hunter now supports older Windows versions (XP onward)

  • General: Database import support with sample schema (useful for timelining)

  • General: Licensing system adjustment

  • General: Various bug fixes

HBIN-Recon-v1.0.0.62.zip MD5 Hash = 5a11f012e4eee6d653fd762b14dfa84f


v1.0.0.59

Released: 07-18-2022

  • General: Improved parsing performance and sk record validation

  • Secrets Hunter: Improved syskey detection and secrets decryption


v1.0.0.58

Released: 07-11-2022

  • Various performance improvements

  • Default logging is now less verbose

  • Fixed bug with (extremely) large output files

  • Various improvements in sk record handling


v1.0.0.57

Released: 06-28-2022

  • New Secrets Hunter module - extremely powerful identification and decryption of Windows secrets from SECURITY hives

  • Bugfixes which improve large input handling

  • Updated readme


v1.0.0.56

Released: 07-15-2021

  • New Syscache Hunter module

  • Experimental support for “Mode 2” (targets carved & stacked HBINs) full and partial nk path reconstruction, as well as nk and vk association