Release Notes

Windows

1.1.10
April 14, 2021
fix
Although it has never been observed, the Windows API documentation states that getting the current username can fail. If that happened, the Gremlin Client would fail to run an attack. This version instead falls back to "unknown" if the username cannot be determined.
1.1.9
April 5, 2021
new
Daemon log file management improvements. Previously, the log file was truncated at midnight, which made troubleshooting difficult. The log file is now rolled when it reaches approximately 1 MiB. Ten compressed log files are kept. With this update, the current log file typically captures several days and the compressed log files typically capture a few weeks, at a modest cost of approximately 2 MiB of disk space.
1.1.8
March 17, 2021
fix
Fix a bug in Gremlin's argument parsing for the hostnames and ipaddresses arguments for network attacks.
1.1.7
March 12, 2021
fix
Improve command-line argument parsing by providing better error messages and catching more edge cases related to illegal inputs.
1.1.6
March 4, 2021
fix
Patch a vulnerability in a third-party library that could lead to a variety of memory corruption scenarios, most likely use-after-free.
info
Drop invalid targeting tags with a warning.
1.1.5
February 18, 2021
new
The daemon version is included in the gremlin check report.
fix
Occasionally the Docker version was parsed incorrectly, which would result in the classic driver being used for container attacks.
1.1.4
February 8, 2021
new
Some agent API traffic is now consolidated into fewer requests.
1.1.3
January 27, 2021
new
Some agent API traffic is now gzip-compressed, reducing network overhead on machines where Gremlin is installed.
1.1.2
January 12, 2021
fix
Patch a vulnerability in a third-party library that posed a potential buffer overflow scenario.
fix
Patch a vulnerability in a third-party library that could potentially operate on dangling memory references.
1.1.1
December 11, 2020
new
You can now specify the SSL_CERT_FILE variable via the config.yml file. See the advanced configuration page for details on how to use it.
1.1.0
December 7, 2020
fix
Gremlin now properly interprets escaped newline characters (\n) in values of the GREMLIN_SSL_CERT environment variable.
info
Gremlin now reports container and process data at a slower rate: every 30 seconds, down from every 5 seconds during active attacks (and every 10 seconds otherwise). We've found that this data changes too infrequently to justify a 5-10 second interval. This should significantly reduce the network overhead required to run Gremlin.
info
Updated dependencies
1.0.18
November 20, 2020
fix
The Gremlin agent now writes a message to daemon.log when attacks finish. This gives observers of this log an approximation of when attacks have ended.
info
Updated dependencies
1.0.17
November 6, 2020
new
Gremlin correctly reports Windows 2019 (and later)
fix
Gremlin can be removed if the kernel driver is stopped or removed by hand
1.0.16
October 13, 2020
fix
Eliminate a nuisance warning that was output at the end of an attack
info
Updated dependencies
1.0.15
October 8, 2020
info
Updated dependencies
1.0.14
October 2, 2020
fix
Fixed a bug that prevented proper installation on Windows Server 2016
1.0.12
September 28, 2020
new
AWS Availability Zone ID (azid) is available for targeting.
new
AWS tags are now available for targeting.
1.0.11
September 21, 2020
fix
Fix a regression introduced in 1.0.10 that prevented proper installation on Windows 8.1 / Server 2012 R2
1.0.10
September 15, 2020
new
Latency attacks are available
1.0.9
August 27, 2020
info
Updated dependencies
1.0.8
July 30, 2020
fix
On Windows machines with many cores, CPU attack was not utilizing as much CPU time as expected.
1.0.7
July 15, 2020
fix
Improve error messaging when Gremlin fails to find an IP address for a hostname supplied with the --hostname argument, which can be passed to any network attack. The error message now mentions failures caused by specifying a hostname that maps to an invalid DNS record type, such as NS.
1.0.6
July 1, 2020
fix
Patch a vulnerability in a third-party library that posed a potential denial of service to Gremlin's outbound HTTPS connections. In practice this is 100% mitigated unless connecting Gremlin through a malicious SSL proxy.
info
Updated dependencies
1.0.5
June 10, 2020
new
Add DNS attack
1.0.4
June 2, 2020
fix
Added more detail to error messages that occur when Gremlin fails to do a DNS lookup of a hostname. Previously the error message did not include the reason for the lookup failure. An example of the new detail we've added is: failed to lookup address information: Name does not resolve.
1.0.3
May 20, 2020
fix
Fixed a bug where the Gremlin Disk attack would not clean up the impact files it created if it was halted from the UI.
1.0.2
May 11, 2020
fix
Added additional validity checks on data returned from the Windows API. This improves error handling when the target system does not behave as Gremlin expected.
1.0.1
May 6, 2020
info
We now collect an approximate host boot time; this helps Gremlin better recognize unique hosts on your team.
fix
Select a default network interface in more cases (also used when Gremlin identifier isn't specified).
1.0.0
April 30, 2020
new
Initial release of Gremlin for Windows, allowing attacks to be run on Windows environments. See more about running Gremlin on Windows.