mandiant/capa-rules: issues
Standard collection of rules for capa: the tool for enumerating the capabilities of programs
https://github.com/mandiant/capa/
Apache License 2.0
507 stars, 156 forks
#911 rule idea: modify PendingFileRenameOperations to delete, rename, or move file across reboots (mike-hunhoff, opened 4 days ago, 0 comments)
#910 rule idea: adjust process token privilege (P4nD3m1CB0Y0xD, closed 1 day ago, 0 comments)
#909 Create new rule with LoadLibrary, etc. APIs (mr-tz, opened 1 month ago, 0 comments)
#908 fix the scope of some rules with dependencies (williballenthin, closed 1 month ago, 0 comments)
#907 adding / updating linux / android rules (mike-hunhoff, closed 1 month ago, 3 comments)
#906 Add rule compiled-with-dart.yml (jtothej, closed 1 month ago, 0 comments)
#905 Add hide-graphical-window-from-taskbar.yml rule (jtothej, closed 1 month ago, 1 comment)
#904 Add new rule act-as-time-provider-dll.yml (jtothej, closed 1 month ago, 0 comments)
#903 adding new and updating linux / android rules (mike-hunhoff, closed 1 month ago, 0 comments)
#902 Add two new CAPA rules: act-as-share-provider-dll.yml and act-as-windbg-extension.yml (jtothej, closed 1 month ago, 0 comments)
#901 Add EnumProps to callback shellcode execution rule (Still34, closed 1 month ago, 0 comments)
#900 Update encrypt-data-using-dpapi.yml rule (jtothej, closed 1 month ago, 0 comments)
#898 Rules to find interesting code (mr-tz, opened 2 months ago, 0 comments)
#897 parse-credit-card-information -> mimikatz.exe_:0x444E02 (mike-hunhoff, opened 2 months ago, 0 comments)
#896 Add additional shellcode execution callback functions (Still34, closed 2 months ago, 0 comments)
#895 Create self-delete-using-alternate-data-streams.yml (dstepanic, closed 2 months ago, 5 comments)
#894 self delete using alternate data streams (dstepanic, closed 2 months ago, 0 comments)
#893 add API features for ws2_32 ordinals (williballenthin, closed 2 months ago, 1 comment)
#892 add android OS where applicable (mr-tz, closed 2 months ago, 0 comments)
#891 reduce FPs by adjusting `go1.` substring feature (mr-tz, closed 2 months ago, 0 comments)
#890 Create encrypt-data-using-rc4-via-systemfunction033.yml (dstepanic, closed 2 months ago, 5 comments)
#889 [obfuscated-with-litcrypt] (lulzc, opened 3 months ago, 0 comments)
#888 Add SysWhispers2 detection & add 0x2e syscall detection (Still34, opened 4 months ago, 0 comments)
#887 Support ATT&CK v14.1 Techniques (mr-tz, opened 4 months ago, 3 comments)
#886 fix encrypt-data-using-salsa20-or-chacha.yml (mike-hunhoff, closed 4 months ago, 0 comments)
#885 [CI] Correct token used to update badge (Ana06, closed 4 months ago, 0 comments)
#884 Failed to get gist: 403 Forbidden (mr-tz, closed 4 months ago, 1 comment)
#883 [CI] Update GitHub actions to versions using Node 20 (Ana06, closed 4 months ago, 0 comments)
#882 [CI] Use badge in gist for rules number in README (Ana06, closed 4 months ago, 0 comments)
#881 find/reference Explorer window (mr-tz, opened 5 months ago, 0 comments)
#880 TLS client via OpenSSL (williballenthin, opened 5 months ago, 0 comments)
#879 add rules for volume interaction via IOCTLs (williballenthin, closed 5 months ago, 2 comments)
#878 add delete drive layout via ioctl (williballenthin, closed 5 months ago, 1 comment)
#877 delete drive layout via IOCTL (williballenthin, closed 5 months ago, 1 comment)
#876 resolve Microsoft.Win32.Win32Native to execute native Windows APIs in .NET (mike-hunhoff, opened 6 months ago, 0 comments)
#875 block system shutdown (mike-hunhoff, opened 6 months ago, 0 comments)
#874 Revert "Update Mappings for MBC (Q4 2023)" (mr-tz, closed 6 months ago, 1 comment)
#873 Detect Safengine Shielden (limitation) (mike-hunhoff, opened 6 months ago, 0 comments)
#872 synchronized fn callback execution (extend create-thread.yml)? (mike-hunhoff, opened 6 months ago, 1 comment)
#871 Fix linter fail (mr-tz, closed 5 months ago, 0 comments)
#870 add new linux rules to nursery (williballenthin, closed 6 months ago, 0 comments)
#869 linux: get current process information (williballenthin, closed 6 months ago, 0 comments)
#868 Linux: Hook library function using dlsym with RTLD_NEXT (williballenthin, closed 6 months ago, 0 comments)
#867 Add additional domains for known IP obtaining services (Still34, closed 6 months ago, 1 comment)
#866 Pull out .NET features (mr-tz, closed 6 months ago, 1 comment)
#865 Ghostly Hollowing process injection rule (sara-rn, closed 5 months ago, 0 comments)
#864 Use COM instead of bytes features (mr-tz, closed 7 months ago, 0 comments)
#863 Update TLS namespaces (mr-tz, closed 7 months ago, 0 comments)
#862 Update Mappings for MBC (Q4 2023) (ryantxu1, closed 6 months ago, 1 comment)
#861 Update reference-analysis-tools-strings.yml (ruppde, closed 5 months ago, 4 comments)