diff --git a/.cast.yml b/.cast.yml
index 82edbf3..3a0ae35 100644
--- a/.cast.yml
+++ b/.cast.yml
@@ -21,10 +21,10 @@ manifest:
       deprecated: true
       replacement: desktop
   supported_os:
-    - id: ubuntu
-      release: 20.04
     - id: ubuntu
       release: 22.04
+    - id: ubuntu
+      release: 24.04
   saltstack:
     pillars:
       sift_user_template: "{{ .User }}"
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 038e014..d961057 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -4,9 +4,12 @@ on:
   push:
     branches:
       - master
+      - main
+      - next
   pull_request:
     branches:
       - master
+      - main
       - next
 
 jobs:
@@ -29,18 +32,18 @@ jobs:
     if: ${{ needs.changed_states.outputs.matrix != '[]' }}
     strategy:
       matrix:
-        salt: [3006, 3007]
-        os: [20.04, 22.04]
+        salt: [3007, 3006]
+        os: [22.04, 24.04]
         state: ${{ fromJson(needs.changed_states.outputs.matrix) }}
         include:
-          - os: 20.04
-            code: focal
+          - os: 24.04
+            code: noble
           - os: 22.04
             code: jammy
     container:
-      image: docker://ghcr.io/ekristen/cast-tools/saltstack-tester:${{ matrix.code }}-${{ matrix.salt }}
+      image: docker://ghcr.io/ekristen/cast-tools/saltstack-tester:${{ matrix.os }}-${{ matrix.salt }}
     steps:
       - uses: actions/checkout@v4
       - name: test-state
         run: |
-          salt-call -l info --file-root . --local --retcode-passthrough --state-output=mixed state.sls ${{ matrix.state }} pillar="{sift_user: root}"
+          salt-call --local -l info --file-root . --retcode-passthrough --state-output=mixed state.sls ${{ matrix.state }} pillar="{sift_user: root}"
diff --git a/sift/config/init.sls b/sift/config/init.sls
index f7aa6f7..1ae8ec8 100644
--- a/sift/config/init.sls
+++ b/sift/config/init.sls
@@ -3,7 +3,6 @@ include:
   - sift.config.user
   - sift.config.timezone
   - sift.config.folders
-  - sift.config.salt-minion
   - sift.config.samba
   - sift.config.tools
 
@@ -15,7 +14,6 @@ sift-config:
       - sls: sift.config.user
       - sls: sift.config.timezone
       - sls: sift.config.folders
-      - sls: sift.config.salt-minion
       - sls: sift.config.samba
       - sls: sift.config.tools
       
diff --git a/sift/config/salt-minion.sls b/sift/config/salt-minion.sls
deleted file mode 100644
index 6de651d..0000000
--- a/sift/config/salt-minion.sls
+++ /dev/null
@@ -1,4 +0,0 @@
-salt-minion:
-  service.dead:
-    - name: salt-minion
-    - enable: False
diff --git a/sift/packages/exfat-extras.sls b/sift/packages/exfat-extras.sls
index a5b2722..dfb798c 100644
--- a/sift/packages/exfat-extras.sls
+++ b/sift/packages/exfat-extras.sls
@@ -1,8 +1,10 @@
-include:
-  - sift.packages.exfat-extras_{{ grains['oscodename'] }}
+# Name: exfat-utils
+# Website: https://github.com/relan/exfat
+# Description: Free exFAT File System Implementation
+# Category:
+# Author: Relan
+# License: GNU General Public License v2 (https://github.com/relan/exfat/blob/master/COPYING)
+# Notes:
 
-sift-package-exfat-extras-distro:
-  test.nop:
-    - name: sift-package-exfat-extras-distro
-    - require:
-      - sls: sift.packages.exfat-extras_{{ grains['oscodename'] }}
\ No newline at end of file
+exfatprogs:
+  pkg.installed
diff --git a/sift/packages/exfat-extras_focal.sls b/sift/packages/exfat-extras_focal.sls
deleted file mode 100644
index a4bda9e..0000000
--- a/sift/packages/exfat-extras_focal.sls
+++ /dev/null
@@ -1,10 +0,0 @@
-# Name: exfat-utils
-# Website: https://github.com/relan/exfat
-# Description: Free exFAT File System Implementation
-# Category:
-# Author: Relan
-# License: GNU General Public License v2 (https://github.com/relan/exfat/blob/master/COPYING)
-# Notes:
-
-exfat-utils:
-  pkg.installed
diff --git a/sift/packages/exfat-extras_jammy.sls b/sift/packages/exfat-extras_jammy.sls
deleted file mode 100644
index dfb798c..0000000
--- a/sift/packages/exfat-extras_jammy.sls
+++ /dev/null
@@ -1,10 +0,0 @@
-# Name: exfat-utils
-# Website: https://github.com/relan/exfat
-# Description: Free exFAT File System Implementation
-# Category:
-# Author: Relan
-# License: GNU General Public License v2 (https://github.com/relan/exfat/blob/master/COPYING)
-# Notes:
-
-exfatprogs:
-  pkg.installed
diff --git a/sift/python-packages/analyzemft.sls b/sift/python-packages/analyzemft.sls
deleted file mode 100644
index 0f6cd22..0000000
--- a/sift/python-packages/analyzemft.sls
+++ /dev/null
@@ -1,14 +0,0 @@
-{%- set commit="64c71d7c8905a119b7abdf9813e6ef5f11d3ccf1" -%}
-include:
-  - sift.packages.git
-  - sift.packages.python3-pip
-  - sift.packages.python2-pip
-
-analyzemft:
-  pip.installed:
-    - name: git+https://github.com/dkovar/analyzeMFT.git@{{ commit }}
-    - bin_env: /usr/bin/python2
-    - upgrade: True
-    - require:
-      - sls: sift.packages.git
-      - sls: sift.packages.python2-pip
diff --git a/sift/python-packages/init.sls b/sift/python-packages/init.sls
index 6bd0298..09827f2 100644
--- a/sift/python-packages/init.sls
+++ b/sift/python-packages/init.sls
@@ -1,5 +1,4 @@
 include:
-  - sift.python-packages.analyzemft
   - sift.python-packages.appcompatprocessor
   - sift.python-packages.argparse
   - sift.python-packages.bitstring
@@ -32,7 +31,6 @@ sift-python-packages:
   test.nop:
     - name: sift-python-packages
     - require:
-      - sls: sift.python-packages.analyzemft
       - sls: sift.python-packages.appcompatprocessor
       - sls: sift.python-packages.argparse
       - sls: sift.python-packages.bitstring
diff --git a/sift/python3-packages/analyzemft.sls b/sift/python3-packages/analyzemft.sls
new file mode 100644
index 0000000..33c7a47
--- /dev/null
+++ b/sift/python3-packages/analyzemft.sls
@@ -0,0 +1,41 @@
+# Name: analyzeMFT
+# Website: https://github.com/rowingdude/analyzeMFT
+# Description: NTFS MFT File Parser
+# Category: 
+# Author: Benjamin Cance
+# License: MIT License (https://github.com/rowingdude/analyzeMFT/blob/master/LICENSE.txt)
+# Notes: analyzemft
+
+{% set commit = 'b1d0e6a0aa58d42000bfdb8e6588513bd62eaeab' %}
+
+include:
+  - sift.packages.python3-virtualenv
+  - sift.packages.git
+
+sift-python3-package-analyzemft-virtualenv:
+  virtualenv.managed:
+    - name: /opt/analyzemft
+    - venv_bin: /usr/bin/virtualenv
+    - pip_pkgs:
+      - pip>=24.1.3
+      - setuptools>=70.0.0
+      - wheel>=0.38.4
+    - require:
+      - sls: sift.packages.python3-virtualenv
+
+sift-python3-package-analyzemft:
+  pip.installed:
+    - name: git+https://github.com/rowingdude/analyzemft.git@{{ commit }}
+    - bin_env: /opt/analyzemft/bin/python3
+    - upgrade: True
+    - require:
+      - virtualenv: sift-python3-package-analyzemft-virtualenv
+      - sls: sift.packages.git
+
+sift-python3-package-analyzemft-symlink:
+  file.symlink:
+    - name: /usr/local/bin/analyzemft
+    - target: /opt/analyzemft/bin/analyzemft
+    - makedirs: False
+    - require:
+      - pip: sift-python3-package-analyzemft
diff --git a/sift/python3-packages/defang.sls b/sift/python3-packages/defang.sls
index d1bf3c6..62237d6 100644
--- a/sift/python3-packages/defang.sls
+++ b/sift/python3-packages/defang.sls
@@ -1,11 +1,37 @@
-# WEBSITE: https://github.com/HurricaneLabs/machinae
-# LICENSE: MIT
+# Name: defang
+# Website: https://bitbucket.org/johannestaas/defang/src/master/
+# Description: Defangs and refangs malicious URLs
+# Category: 
+# Author: Johan Nestaas
+# License: GNU General Public License v2+ (https://bitbucket.org/johannestaas/defang/src/master/LICENSE)
+# Notes: 
+
 include:
-  - sift.python3-packages.pip
+  - sift.packages.python3-virtualenv
+
+sift-python3-package-defang-venv:
+  virtualenv.managed:
+    - name: /opt/defang
+    - venv_bin: /usr/bin/virtualenv
+    - pip_pkgs:
+      - pip>=24.1.3
+      - setuptools>=70.0.0
+      - wheel>=0.38.4
+    - require:
+      - sls: sift.packages.python3-virtualenv
 
-sift-python3-packages-defang:
+sift-python3-package-defang:
   pip.installed:
-    - name: defang==0.5.2
-    - bin_env: /usr/bin/python3
+    - name: defang
+    - bin_env: /opt/defang/bin/python3
+    - upgrade: True
+    - require:
+      - virtualenv: sift-python3-package-defang-venv
+
+sift-python3-package-defang-symlink:
+  file.symlink:
+    - name: /usr/local/bin/defang
+    - target: /opt/defang/bin/defang
+    - makedirs: False
     - require:
-      - sls: sift.python3-packages.pip
+      - pip: sift-python3-package-defang
diff --git a/sift/python3-packages/init.sls b/sift/python3-packages/init.sls
index 4d8a3af..b06aa9d 100644
--- a/sift/python3-packages/init.sls
+++ b/sift/python3-packages/init.sls
@@ -1,4 +1,5 @@
 include:
+  - sift.python3-packages.analyzemft
   - sift.python3-packages.python3-keyring
   - sift.python3-packages.pip
   - sift.python3-packages.python3-keyring
@@ -31,6 +32,7 @@ sift-python3-packages:
   test.nop:
     - name: sift-python3-packages
     - require:
+      - sls: sift.python3-packages.analyzemft
       - sls: sift.python3-packages.python3-keyring
       - sls: sift.python3-packages.pip
       - sls: sift.python3-packages.python3-keyring
diff --git a/sift/scripts/docker-compose.sls b/sift/scripts/docker-compose.sls
index c93802f..6897c14 100644
--- a/sift/scripts/docker-compose.sls
+++ b/sift/scripts/docker-compose.sls
@@ -1,10 +1,9 @@
-{%- set version = "2.15.1" -%}
-{%- set hash = "bcfd9ea51dee4c19dccdfaeef0e7956ef68bf14f3d175933742061a7271ef0f5" -%}
+{%- set version = "2.23.2" -%}
 
 sift-scripts-docker-compose:
   file.managed:
     - name: /usr/local/bin/docker-compose
     - source: https://github.com/docker/compose/releases/download/v{{ version }}/docker-compose-{{ grains['kernel'] }}-{{ grains['cpuarch'] }}
-    - source_hash: sha256={{ hash }}
+    - source_hash: https://github.com/docker/compose/releases/download/v{{ version }}/docker-compose-{{ grains['kernel'] }}-{{ grains['cpuarch'] }}.sha256
     - mode: 755
     - replace: True