mandiant/capa-rules
Standard collection of rules for capa: the tool for enumerating the capabilities of programs
https://github.com/mandiant/capa/
Apache License 2.0
531 stars, 160 forks
Issues
#849 restrict to `os: android`? or maybe the name and API namespace are sufficient? (mike-hunhoff, opened 11 months ago, 0 comments)
#848 Add detection rule for hp-socket linking (Still34, closed 9 months ago, 4 comments)
#847 updated .NET bundled rule and file limitation (sara-rn, closed 11 months ago, 0 comments)
#846 updated rule to detect .NET single file deployment bundles (exe) (sara-rn, closed 11 months ago, 0 comments)
#845 Update encode-data-using-base64-via-winapi.yml (mr-tz, closed 11 months ago, 0 comments)
#844 improve "encode data using Base64 via WinAPI" (mike-hunhoff, closed 11 months ago, 0 comments)
#843 PLUGX: make more restrictive to fix FP (williballenthin, closed 11 months ago, 11 comments)
#842 PLUGX rule is too loose (williballenthin, closed 11 months ago, 0 comments)
#841 identify .NET single file bundles (sara-rn, closed 11 months ago, 4 comments)
#840 null-preserving XOR not identified (Ana06, opened 11 months ago, 2 comments)
#839 upgrade rules using updated script (mr-tz, closed 11 months ago, 12 comments)
#838 Update doc apis no dlls (mr-tz, closed 1 year ago, 0 comments)
#837 Upgrade rules for static and dynamic scopes (mr-tz, closed 1 year ago, 2 comments)
#836 Update and refactor memory allocation/permission rules (mr-tz, closed 1 year ago, 1 comment)
#835 Update generate-random-numbers-via-rtlgenrandom.yml (mr-tz, closed 1 year ago, 0 comments)
#834 Create log-keystrokes-via-input-method-manager.yml (mr-tz, closed 1 year ago, 0 comments)
#833 Create capture-process-snapshot.yml (mr-tz, closed 1 year ago, 0 comments)
#832 Update Mappings for MBC (part 11) (ryantxu1, closed 1 year ago, 1 comment)
#831 Create add-value-to-global-atom-table.yml (mr-tz, closed 1 year ago, 1 comment)
#830 Namespaces load-code vs. host-interaction/process/inject etc. (mr-tz, opened 1 year ago, 0 comments)
#829 set state tcp connection (johnk3r, closed 1 year ago, 1 comment)
#828 Update generate-random-numbers-via-rtlgenrandom.yml (mr-tz, closed 1 year ago, 0 comments)
#827 Idea of rule modification: generate-random-numbers-via-rtlgenrandom (richardweiss80, closed 1 year ago, 0 comments)
#826 add xxProtectVirtualMemory apis (mr-tz, closed 1 year ago, 0 comments)
#825 encrypt data using RC4 via SystemFunction032 (richardweiss80, closed 1 year ago, 2 comments)
#824 init add of Xamarin rules (mike-hunhoff, closed 11 months ago, 2 comments)
#823 Add remaining dynamic-syntax rules missing the dynamic scope (yelhamer, closed 1 year ago, 0 comments)
#822 add `get ntoskrnl base address` (mr-tz, closed 1 year ago, 0 comments)
#821 adding new rules based on private Linux sample(s) (mike-hunhoff, closed 1 year ago, 0 comments)
#820 Add `dynamic: unspecified` to static-only rules (yelhamer, closed 1 year ago, 1 comment)
#819 Support ATT&CK Mobile techniques (linter) (mr-tz, opened 1 year ago, 0 comments)
#818 add `send SMS on Android` (mr-tz, closed 1 year ago, 0 comments)
#817 Documentation for COM feature addition (Aayush-Goel-04, closed 1 year ago, 1 comment)
#816 Add dynamic capa rules (yelhamer, closed 11 months ago, 1 comment)
#815 fix example function address (mr-tz, closed 1 year ago, 0 comments)
#814 Add dynamic rules (yelhamer, closed 1 year ago, 7 comments)
#813 Update .NET JSON detections (mr-tz, closed 1 year ago, 0 comments)
#812 Add foreground window check.yml (ejfocampo, closed 1 year ago, 2 comments)
#811 Add check-for-av-emulation-using-virtualallocexnuma.yml (jtothej, closed 1 year ago, 0 comments)
#810 Add capture-packets-using-sharppcap.yml (jtothej, closed 1 year ago, 0 comments)
#809 Add get-uefi-variable.yml and set-uefi-variable.yml (jtothej, closed 1 year ago, 0 comments)
#808 Update and add Cabinet archive related rules (jtothej, closed 11 months ago, 2 comments)
#807 Update metadata and promote create-shortcut-via-ishelllink.yml (jtothej, closed 1 year ago, 0 comments)
#806 updated translation tables (sara-rn, closed 1 year ago, 3 comments)
#805 Update get-os-version.yml - Get OS version via PEB (jtothej, closed 1 year ago, 0 comments)
#804 Create enumerate-device-drivers-on-linux.yml (mr-tz, closed 1 year ago, 0 comments)
#803 Create enumerate-device-drivers-on-windows.yml (mr-tz, closed 1 year ago, 0 comments)
#802 Update self-delete.yml (mr-tz, closed 1 year ago, 2 comments)
#801 Add new rule for forwarded exports and update doc to with new charact… (RonnieSalomonsen, closed 1 year ago, 0 comments)
#800 Add encode-data-using-add-xor-sub-operations.yml (jtothej, closed 11 months ago, 2 comments)