mandiant capa-rules issues

mandiant / capa-rules

Standard collection of rules for capa: the tool for enumerating the capabilities of programs

https://github.com/mandiant/capa/

Apache License 2.0

507 stars 156 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

rule idea: modify PendingFileRenameOperations to delete, rename, or move file across reboots

#911 mike-hunhoff opened 4 days ago
0
rule idea: adjust process token privilege

#910 P4nD3m1CB0Y0xD closed 1 day ago
0
Create new rule with LoadLibrary, etc. APIs

#909 mr-tz opened 1 month ago
0
fix the scope of some rules with dependencies

#908 williballenthin closed 1 month ago
0
adding / updating linux / android rules

#907 mike-hunhoff closed 1 month ago
3
Add rule compiled-with-dart.yml

#906 jtothej closed 1 month ago
0
Add hide-graphical-window-from-taskbar.yml rule

#905 jtothej closed 1 month ago
1
Add new rule act-as-time-provider-dll.yml

#904 jtothej closed 1 month ago
0
adding new and updating linux / android rules

#903 mike-hunhoff closed 1 month ago
0
Add two new CAPA rules: act-as-share-provider-dll.yml and act-as-windbg-extension.yml

#902 jtothej closed 1 month ago
0
Add EnumProps to callback shellcode execution rule

#901 Still34 closed 1 month ago
0
Update encrypt-data-using-dpapi.yml rule

#900 jtothej closed 1 month ago
0
Rules to find interesting code

#898 mr-tz opened 2 months ago
0
parse-credit-card-information -> mimikatz.exe_:0x444E02

#897 mike-hunhoff opened 2 months ago
0
Add additional shellcode execution callback functions

#896 Still34 closed 2 months ago
0
Create self-delete-using-alternate-data-streams.yml

#895 dstepanic closed 2 months ago
5
self delete using alternate data streams

#894 dstepanic closed 2 months ago
0
add API features for ws2_32 ordinals

#893 williballenthin closed 2 months ago
1
add android OS where applicable

#892 mr-tz closed 2 months ago
0
reduce FPs by adjusting `go1.` substring feature

#891 mr-tz closed 2 months ago
0
Create encrypt-data-using-rc4-via-systemfunction033.yml

#890 dstepanic closed 2 months ago
5
[obfuscated-with-litcrypt]

#889 lulzc opened 3 months ago
0
Add SysWhispers2 detection & add 0x2e syscall detection

#888 Still34 opened 4 months ago
0
Support ATT&CK v14.1 Techniques

#887 mr-tz opened 4 months ago
3
fix encrypt-data-using-salsa20-or-chacha.yml

#886 mike-hunhoff closed 4 months ago
0
[CI] Correct token used to update badge

#885 Ana06 closed 4 months ago
0
Failed to get gist: 403 Forbidden

#884 mr-tz closed 4 months ago
1
[CI] Update GitHub actions to versions using Node 20

#883 Ana06 closed 4 months ago
0
[CI] Use badge in gist for rules number in README

#882 Ana06 closed 4 months ago
0
find/reference Explorer window

#881 mr-tz opened 5 months ago
0
TLS client via OpenSSL

#880 williballenthin opened 5 months ago
0
add rules for volume interaction via IOCTLs

#879 williballenthin closed 5 months ago
2
add delete drive layout via ioctl

#878 williballenthin closed 5 months ago
1
delete drive layout via IOCTL

#877 williballenthin closed 5 months ago
1
resolve Microsoft.Win32.Win32Native to execute native Windows APIs in .NET

#876 mike-hunhoff opened 6 months ago
0
block system shutdown

#875 mike-hunhoff opened 6 months ago
0
Revert "Update Mappings for MBC (Q4 2023)"

#874 mr-tz closed 6 months ago
1
Detect Safengine Shielden (limitation)

#873 mike-hunhoff opened 6 months ago
0
synchronized fn callback execution (extend create-thread.yml)?

#872 mike-hunhoff opened 6 months ago
1
Fix linter fail

#871 mr-tz closed 5 months ago
0
add new linux rules to nursery

#870 williballenthin closed 6 months ago
0
linux: get current process information

#869 williballenthin closed 6 months ago
0
Linux: Hook library function using dlsym with RTLD_NEXT

#868 williballenthin closed 6 months ago
0
Add additional domains for known IP obtaining services

#867 Still34 closed 6 months ago
1
Pull out .NET features

#866 mr-tz closed 6 months ago
1
Ghostly Hollowing process injection rule

#865 sara-rn closed 5 months ago
0
Use COM instead of bytes features

#864 mr-tz closed 7 months ago
0
Update TLS namespaces

#863 mr-tz closed 7 months ago
0
Update Mappings for MBC (Q4 2023)

#862 ryantxu1 closed 6 months ago
1
Update reference-analysis-tools-strings.yml

#861 ruppde closed 5 months ago
4