mandiant/capa-rules
Standard collection of rules for capa: the tool for enumerating the capabilities of programs
https://github.com/mandiant/capa/
Apache License 2.0
514 stars, 157 forks
issues
resolve Microsoft.Win32.Win32Native to execute native Windows APIs in .NET
#876
mike-hunhoff
opened
7 months ago
0
block system shutdown
#875
mike-hunhoff
opened
7 months ago
0
Revert "Update Mappings for MBC (Q4 2023)"
#874
mr-tz
closed
7 months ago
1
Detect Safengine Shielden (limitation)
#873
mike-hunhoff
opened
7 months ago
0
synchronized fn callback execution (extend create-thread.yml)?
#872
mike-hunhoff
opened
7 months ago
1
Fix linter fail
#871
mr-tz
closed
7 months ago
0
add new linux rules to nursery
#870
williballenthin
closed
7 months ago
0
linux: get current process information
#869
williballenthin
closed
7 months ago
0
Linux: Hook library function using dlsym with RTLD_NEXT
#868
williballenthin
closed
7 months ago
0
Add additional domains for known IP obtaining services
#867
Still34
closed
7 months ago
1
Pull out .NET features
#866
mr-tz
closed
7 months ago
1
Ghostly Hollowing process injection rule
#865
sara-rn
closed
7 months ago
0
Use COM instead of bytes features
#864
mr-tz
closed
8 months ago
0
Update TLS namespaces
#863
mr-tz
closed
8 months ago
0
Update Mappings for MBC (Q4 2023)
#862
ryantxu1
closed
7 months ago
1
Update reference-analysis-tools-strings.yml
#861
ruppde
closed
7 months ago
4
Fix the dynamic flavor scope for allocate-or-change-rw-memory.yml
#860
yelhamer
closed
8 months ago
1
Update README to showcase dynamic rules
#859
yelhamer
closed
8 months ago
1
dotnet: improve debugger detection
#858
mike-hunhoff
closed
8 months ago
1
fix logic after dynamic update
#857
mr-tz
closed
8 months ago
3
Move TLS rules to `tls` namespace?
#856
mr-tz
closed
8 months ago
0
Rules don't match on referenced example: Fix the rule logic or provide a different example
#855
mr-tz
closed
8 months ago
1
reorder meta fields
#854
mr-tz
closed
8 months ago
0
convert rules to use new COM features
#853
williballenthin
closed
8 months ago
1
suggest to run on dynamic trace for packed samples
#852
mr-tz
closed
8 months ago
0
update rule format documentation with dynamic details
#851
williballenthin
closed
8 months ago
2
discussion: organizing Android/mobile focused capa rules
#850
mike-hunhoff
opened
9 months ago
3
restrict to `os: android`? or maybe the name and API namespace are sufficient?
#849
mike-hunhoff
opened
9 months ago
0
Add detection rule for hp-socket linking
#848
Still34
closed
7 months ago
4
updated .NET bundled rule and file limitation
#847
sara-rn
closed
9 months ago
0
updated rule to detect .NET single file deployment bundles (exe)
#846
sara-rn
closed
9 months ago
0
Update encode-data-using-base64-via-winapi.yml
#845
mr-tz
closed
9 months ago
0
improve "encode data using Base64 via WinAPI"
#844
mike-hunhoff
closed
9 months ago
0
PLUGX: make more restrictive to fix FP
#843
williballenthin
closed
9 months ago
11
PLUGX rule is too loose
#842
williballenthin
closed
9 months ago
0
identify .NET single file bundles
#841
sara-rn
closed
9 months ago
4
null-preserving XOR not identified
#840
Ana06
opened
9 months ago
2
upgrade rules using updated script
#839
mr-tz
closed
8 months ago
12
Update doc apis no dlls
#838
mr-tz
closed
10 months ago
0
Upgrade rules for static and dynamic scopes
#837
mr-tz
closed
10 months ago
2
Update and refactor memory allocation/permission rules
#836
mr-tz
closed
10 months ago
1
Update generate-random-numbers-via-rtlgenrandom.yml
#835
mr-tz
closed
10 months ago
0
Create log-keystrokes-via-input-method-manager.yml
#834
mr-tz
closed
10 months ago
0
Create capture-process-snapshot.yml
#833
mr-tz
closed
10 months ago
0
Update Mappings for MBC (part 11)
#832
ryantxu1
closed
11 months ago
1
Create add-value-to-global-atom-table.yml
#831
mr-tz
closed
10 months ago
1
Namespaces load-code vs. host-interaction/process/inject etc.
#830
mr-tz
opened
11 months ago
0
set state tcp connection
#829
johnk3r
closed
10 months ago
1
Update generate-random-numbers-via-rtlgenrandom.yml
#828
mr-tz
closed
10 months ago
0
Idea of rule modification: generate-random-numbers-via-rtlgenrandom
#827
richardweiss80
closed
10 months ago
0