diff --git a/.github/workflows/pip-audit.yml b/.github/workflows/pip-audit.yml
new file mode 100644
index 00000000..f18babf5
--- /dev/null
+++ b/.github/workflows/pip-audit.yml
@@ -0,0 +1,21 @@
+name: PIP audit
+
+on:
+ schedule:
+ - cron: '0 8 * * 1'
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ python-version: ["3.11"]
+
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+
+ - uses: pypa/gh-action-pip-audit@v1.0.8
+ with:
+ inputs: .
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 484694a0..3f6d1776 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,7 +22,7 @@
 - update freeze format to v3, adding support for dynamic analysis @williballenthin
 - extractor: ignore DLL name for api features #1815 @mr-tz
 
-### New Rules (19)
+### New Rules (34)
 
 - nursery/get-ntoskrnl-base-address @mr-tz
 - host-interaction/network/connectivity/set-tcp-connection-state @johnk3r
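Review bot: The new workflow in pip-audit.yml declares no `permissions:` block, so the job runs with whatever default GITHUB_TOKEN scope the repository grants even though neither step needs write access; add `permissions:` with `contents: read` at the top of the file (or under `jobs.test`) so the token is read-only. The `strategy.matrix.python-version` entry is never consumed — no `actions/setup-python` step references `${{ matrix.python-version }}` — so the matrix is dead config and the audit presumably runs on the runner's default interpreter; either drop it or add a setup-python step that uses it. Both actions are pinned by tag (`actions/checkout@v4`, `pypa/gh-action-pip-audit@v1.0.8`); tags are mutable, so for a job whose purpose is dependency hygiene consider pinning to a full commit SHA with the tag kept in a trailing comment. The workflow only triggers on `schedule`, so a vulnerable pin introduced in a pull request is not reported until the next weekly run; a `pull_request` trigger filtered on pyproject.toml would surface it at review time.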
@@ -43,6 +43,20 @@
 - host-interaction/process/inject/allocate-or-change-rwx-memory @mr-tz
 - lib/allocate-or-change-rw-memory 0x534a@mailbox.org @mr-tz
 - lib/change-memory-protection @mr-tz
+- anti-analysis/anti-av/patch-antimalware-scan-interface-function jakub.jozwiak@mandiant.com
+- executable/dotnet-singlefile/bundled-with-dotnet-single-file-deployment sara.rincon@mandiant.com
+- internal/limitation/file/internal-dotnet-single-file-deployment-limitation sara.rincon@mandiant.com
+- data-manipulation/encoding/encode-data-using-add-xor-sub-operations jakub.jozwiak@mandiant.com
+- nursery/access-camera-in-dotnet-on-android michael.hunhoff@mandiant.com
+- nursery/capture-microphone-audio-in-dotnet-on-android michael.hunhoff@mandiant.com
+- nursery/capture-screenshot-in-dotnet-on-android michael.hunhoff@mandiant.com
+- nursery/check-for-incoming-call-in-dotnet-on-android michael.hunhoff@mandiant.com
+- nursery/check-for-outgoing-call-in-dotnet-on-android michael.hunhoff@mandiant.com
+- nursery/compiled-with-xamarin michael.hunhoff@mandiant.com
+- nursery/get-os-version-in-dotnet-on-android michael.hunhoff@mandiant.com
+- data-manipulation/compression/create-cabinet-on-windows michael.hunhoff@mandiant.com jakub.jozwiak@mandiant.com
+- data-manipulation/compression/extract-cabinet-on-windows jakub.jozwiak@mandiant.com
+- lib/create-file-decompression-interface-context-on-windows jakub.jozwiak@mandiant.com
 -
 
 ### Bug Fixes
diff --git a/README.md b/README.md
index dab3f132..bf988557 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flare-capa)](https://pypi.org/project/flare-capa)
 [![Last release](https://img.shields.io/github/v/release/mandiant/capa)](https://github.com/mandiant/capa/releases)
-[![Number of rules](https://img.shields.io/badge/rules-847-blue.svg)](https://github.com/mandiant/capa-rules)
+[![Number of rules](https://img.shields.io/badge/rules-859-blue.svg)](https://github.com/mandiant/capa-rules)
 [![CI status](https://github.com/mandiant/capa/workflows/CI/badge.svg)](https://github.com/mandiant/capa/actions?query=workflow%3ACI+event%3Apush+branch%3Amaster)
 [![Downloads](https://img.shields.io/github/downloads/mandiant/capa/total)](https://github.com/mandiant/capa/releases)
 [![License](https://img.shields.io/badge/license-Apache--2.0-green.svg)](LICENSE.txt)
diff --git a/pyproject.toml b/pyproject.toml
index 31f5312f..38f2e80c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -37,18 +37,18 @@ dependencies = [
 "tabulate==0.9.0",
 "colorama==0.4.6",
 "termcolor==2.3.0",
- "wcwidth==0.2.8",
+ "wcwidth==0.2.12",
 "ida-settings==2.1.0",
 "viv-utils[flirt]==0.7.9",
 "halo==0.0.31",
 "networkx==3.1",
- "ruamel.yaml==0.17.35",
+ "ruamel.yaml==0.18.5",
 "vivisect==1.1.1",
 "pefile==2023.2.7",
 "pyelftools==0.30",
 "dnfile==0.14.1",
 "dncil==1.0.2",
- "pydantic==2.1.1",
+ "pydantic==2.4.0",
 "protobuf==4.23.4",
 ]
 dynamic = ["version"]
@@ -62,25 +62,25 @@ packages = ["capa"]
 [project.optional-dependencies]
 dev = [
 "pre-commit==3.5.0",
- "pytest==7.4.2",
+ "pytest==7.4.3",
 "pytest-sugar==0.9.7",
 "pytest-instafail==0.5.0",
 "pytest-cov==4.1.0",
 "flake8==6.1.0",
- "flake8-bugbear==23.9.16",
- "flake8-encodings==0.5.0.post1",
+ "flake8-bugbear==23.11.26",
+ "flake8-encodings==0.5.1",
 "flake8-comprehensions==3.14.0",
 "flake8-logging-format==0.9.0",
- "flake8-no-implicit-concat==0.3.4",
+ "flake8-no-implicit-concat==0.3.5",
 "flake8-print==5.0.0",
 "flake8-todos==0.3.0",
 "flake8-simplify==0.21.0",
 "flake8-use-pathlib==0.3.0",
 "flake8-copyright==0.2.4",
- "ruff==0.0.291",
- "black==23.9.1",
+ "ruff==0.1.6",
+ "black==23.11.0",
 "isort==5.11.4",
- "mypy==1.6.0",
+ "mypy==1.7.1",
 "psutil==5.9.2",
 "stix2==3.0.1",
 "requests==2.31.0",
@@ -92,12 +92,12 @@ dev = [
 "types-tabulate==0.9.0.3",
 "types-termcolor==1.1.4",
 "types-psutil==5.8.23",
- "types_requests==2.31.0.2",
+ "types_requests==2.31.0.10",
 "types-protobuf==4.23.0.3",
 ]
 
 build = [
- "pyinstaller==6.1.0",
- "setuptools==68.0.0",
+ "pyinstaller==6.2.0",
+ "setuptools==69.0.2",
 "build==1.0.3"
 ]
diff --git a/rules b/rules
index 1aae081f..9820a215 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit 1aae081f921e1194a44ad771abd0d078e1d161fb
+Subproject commit 9820a215d87c026d2c53ed69dcccb02b485b9df1