-
Disable Tamper Protection and Windows Defender, preferably via Group Policy. Resources:
* Disabling Tamper Protection
* https://support.microsoft.com/en-us/windows/prevent-changes-to-security-…
Ana06 updated
8 months ago
-
_Originally posted by @williballenthin in https://github.com/mandiant/capa/pull/1080#discussion_r912047439_
ideally, we want to be able to install capa simply by doing `pip install flare-capa` and/…
-
### Details
The UAC prompt is annoying/time consuming as we need to launch many of our tools in admin mode. Disabling it has the issue that we won't notice that malware wants to get admin privileges b…
-
Hello,
I am relatively new to GitHub, but I have noticed that whenever I use FakeNet and have network traffic with an IP in the "HostBlackList" section of the config, my FakeNet screen is spammed wi…
-
Hello, when I click the link to download the Victim VM, I get a report that says "Bucket is a requester pays bucket but no user project provided." Can you give me some advice on how to download it? Thank you.
-
These strings appear to be related to RTTI / reflection. Two things suggest this:
1. their contents, which are Go type names, and
2. working backwards, to see where they're used, are type desc…
-
## Summary
Generic way to identify shellcode hashing functions.
See #166
## Features
- (tight) loops
- ROR/ROL/SHIFT/XOR/ADD/SUB
- PEB offsets
- PE offsets
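As an added illustration of how those four feature classes fit together, here is a hypothetical capa rule (not from the capa-rules repository or the issue above) that encodes them: a tight loop, at least one rotate/shift and one mix instruction inside the same function, and optionally the well-known x86 structure offsets that API-hashing shellcode walks (TEB->PEB, PEB->Ldr, e_lfanew). The rule name, namespace and author are placeholders; it uses the older single `scope:` key matching the era of #166.

```yaml
# Hypothetical example rule, written for this page to show how the listed
# features map onto capa rule syntax. It is NOT part of capa-rules.
rule:
  meta:
    name: hash API names with rotate/shift loop (example)
    namespace: linking/runtime-linking   # placeholder namespace
    authors:
      - example-author                   # placeholder
    scope: function
    description: >
      Generic detector for shellcode-style API hashing: a tight loop that
      rotates/shifts and mixes bytes, optionally near PEB/PE header offsets.
  features:
    - and:
      # (tight) loops: a basic block that jumps back to itself
      - characteristic: tight loop
      # ROR/ROL/SHIFT: at least one bit-rotate or shift in the function
      - or:
        - mnemonic: ror
        - mnemonic: rol
        - mnemonic: shr
        - mnemonic: shl
      # XOR/ADD/SUB: the mixing step of the hash
      - or:
        - mnemonic: xor
        - mnemonic: add
        - mnemonic: sub
      # PEB/PE offsets are a strong hint but not required for a match
      - optional:
        - or:
          - offset: 0x30 = TEB->ProcessEnvironmentBlock (x86)
          - offset: 0x0C = PEB->Ldr (x86)
          - offset: 0x14 = PEB_LDR_DATA->InMemoryOrderModuleList (x86)
          - number: 0x3C = IMAGE_DOS_HEADER->e_lfanew
```

The `optional:` block keeps the rule generic: a hashing routine that receives an already-resolved export table pointer as an argument still matches on the loop and arithmetic, while the offsets raise confidence when present. Tightening the `or:` groups to `2 or more:` would cut false positives on ordinary checksum loops at the cost of recall.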
-
A Job based on https://www.fireeye.com/blog/threat-research/2019/09/open-sourcing-stringsifter.html would be nice (and easy).
-
### Details
As detailed in this [post](https://answers.microsoft.com/en-us/windows/forum/all/disabling-the-office-hotkey-in-windows-10/58e2f30f-8556-4f73-bf0c-56544697218d), the default mapping of `A…
-
take inspiration from https://clig.dev/ for best practices when it comes to CLI tools, like capa.
don't necessarily re-write things to adhere to the style, especially when we already have a working…