KAPE Quarterly Update - Q3 2023

KAPE had several updates during Q3 2023. Here is a recap of all the important enhancements and news from July through September 2023:

Key Q3 2023 KAPE Updates

• KAPE virtual training update
• KAPE Official Demo
• !SANS_Triage Compound Target Updated
• New KAPE Modules
• Q3 2023 KapeFiles Changes

KAPE Training Revamp

KAPE training will no longer be offered as live training sessions but rather will be hosted in a self-paced model for students to become trained and certified at their own convenience.

The new training model will provide the following:

• The same elite instructors
• Expansion of tools covered
• More sections explored
• New in-depth walkthroughs
• Additional content
• No time constraints
• An updated certification exam

Kroll will look to release the overhauled KAPE Training program towards the end of 2023. More details to come. 

New KAPE Modules

Multiple useful KAPE Modules were created during Q3 2023. TZWorks’ tools had many new Modules created for multiple different tools within the TZWorks suite, as found here. Additional helpful PowerShell Modules have been added that can be used to convert PowerShell consolehost history.txt and Usage Logs files to CSV, which can then be ingested into a tool like Timeline Explorer for analysis. Lastly, multiple new NirSoft tools had Modules created for them, as found here.

Q3 2023 KapeFiles Changes

Here is an overview of the changes to the KapeFiles GitHub repository from July 1, 2023 to September 30, 2023.

KAPE-Related GitHub Repositories

Our experts recommend “watching” the following GitHub repositories for KAPE-related updates:

• KAPE Targets and Modules
• Registry Explorer/RECmd Plugins
• RECmd Batch Files
• SQLECmd Maps
• EvtxECmd Maps

Keep KAPE Updated

Looking for the EZ button to keep KAPE, EZ Tools and the ancillary files associated with your instance(s) of KAPE updated? Check out the PowerShell script created by Kroll’s Andrew Rathbun here to ensure your copy of KAPE is being updated.

KAPE Resources

There are a number of KAPE resources for additional KAPE support, including the KAPE manual, or you can contact our experts directly at [email protected]. An enterprise license is required when KAPE is used on a third-party network and/or as part of a paid engagement.