Changelog
Version 1.1.0 (September 2025)
New Features & Improvements
- Windows Prefetch Analyzer: Complete analysis of Windows Prefetch (.pf) files with execution timeline reconstruction, LOLBIN detection, volume analysis, and anomaly identification
- Windows Registry Hive Analyzer: Comprehensive analysis of Registry hives (NTUSER.DAT, SYSTEM, SOFTWARE, SAM, SECURITY) with persistence mechanism detection, user activity analysis, and forensic artifact extraction
- YARA-X Rule Engine: Advanced YARA-X rule testing and analysis with custom rule development, community rule integration, and comprehensive malware pattern detection
- ZIP Archive Support: Added support for password-protected ZIP archives across all analysis modules (use password "infected" for samples)
- Enhanced File Name Lookup: Expanded Windows system file database with LOLBin classification
- Infrastructure Upgrade: Faster processing and more compute!
- UI Improvements: assorted minor tweaks and changes for a smoother user experience
Version 1.0.0 (July 2025)
Initial Release
- Windows Event Log Analyzer module
- Sigma Playground module
- Event ID Lookup module
- Native Executable Filename Lookup module
Yara Rules Retrieval
Retrieves specific Yara rules from the community rule set by name. Users can fetch one or more rules for inspection, customization, or context enrichment. This API endpoint is supplemental: it looks up the rules that matched when the user wants more context than the rule metadata alone provides.
Frequently Asked Questions
Common questions about the Cursed Tools cybersecurity investigation platform, features, security, billing, and support.