From 5bc85f39a6676c7b9e68804fceae3b9815807818 Mon Sep 17 00:00:00 2001
From: Capa Bot
Date: Fri, 7 Jul 2023 06:26:34 +0000
Subject: [PATCH 1/3] Sync capa rules submodule

---
 CHANGELOG.md | 3 ++-
 README.md | 2 +-
 rules | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e5edae74..f461f392 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@
 - Update Metadata type in capa main [#1411](https://github.com/mandiant/capa/issues/1411) [@Aayush-Goel-04](https://github.com/aayush-goel-04) @manasghandat
 - Python 3.8 is now the minimum supported Python version #1578 @williballenthin
-### New Rules (21)
+### New Rules (22)
 - load-code/shellcode/execute-shellcode-via-windows-callback-function ervin.ocampo@mandiant.com jakub.jozwiak@mandiant.com
 - nursery/execute-shellcode-via-indirect-call ronnie.salomonsen@mandiant.com
@@ -33,6 +33,7 @@
 - persistence/office/act-as-word-wll-add-in jakub.jozwiak@mandiant.com
 - anti-analysis/anti-debugging/debugger-evasion/hide-thread-from-debugger michael.hunhoff@mandiant.com jakub.jozwiak@mandiant.com
 - host-interaction/memory/create-new-application-domain-in-dotnet jakub.jozwiak@mandiant.com
+- host-interaction/gui/switch-active-desktop jakub.jozwiak@mandiant.com
 -
 ### Bug Fixes
diff --git a/README.md b/README.md
index cd748a5d..723671a4 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flare-capa)](https://pypi.org/project/flare-capa)
 [![Last release](https://img.shields.io/github/v/release/mandiant/capa)](https://github.com/mandiant/capa/releases)
-[![Number of rules](https://img.shields.io/badge/rules-809-blue.svg)](https://github.com/mandiant/capa-rules)
+[![Number of rules](https://img.shields.io/badge/rules-810-blue.svg)](https://github.com/mandiant/capa-rules)
 [![CI status](https://github.com/mandiant/capa/workflows/CI/badge.svg)](https://github.com/mandiant/capa/actions?query=workflow%3ACI+event%3Apush+branch%3Amaster)
 [![Downloads](https://img.shields.io/github/downloads/mandiant/capa/total)](https://github.com/mandiant/capa/releases)
 [![License](https://img.shields.io/badge/license-Apache--2.0-green.svg)](LICENSE.txt)
diff --git a/rules b/rules
index f109d758..a2989e6b 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit f109d758ced8235892da97a5cfe31bcd6b09a4fa
+Subproject commit a2989e6ba5e145617d2aa3a23d365bff6f752284

From b8f277b3c6c5634f4caaaa3b1068222478e862f6 Mon Sep 17 00:00:00 2001
From: Capa Bot
Date: Fri, 7 Jul 2023 06:26:53 +0000
Subject: [PATCH 2/3] Sync capa-testfiles submodule

---
 tests/data | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/data b/tests/data
index bc0c0fe2..8ff7e34c 160000
--- a/tests/data
+++ b/tests/data
@@ -1 +1 @@
-Subproject commit bc0c0fe29a445be7da2a45c40e59cb9ad14651ec
+Subproject commit 8ff7e34ce00bad26b3199d49f14d260f17da2d48

From 4a2902512ee2ffe6ddeb2ec4136b090f3a9aeb00 Mon Sep 17 00:00:00 2001
From: Moritz
Date: Fri, 7 Jul 2023 14:01:50 +0200
Subject: [PATCH 3/3] Update test_binja_features.py (#1595)

temporarily skip stack string test, while we wait for #1473
---
 tests/test_binja_features.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/test_binja_features.py b/tests/test_binja_features.py
index 04c8a49e..2e9e6697 100644
--- a/tests/test_binja_features.py
+++ b/tests/test_binja_features.py
@@ -37,6 +37,8 @@ except ImportError:
 indirect=["sample", "scope"],
 )
 def test_binja_features(sample, scope, feature, expected):
+ if feature == capa.features.common.Characteristic("stack string"):
+ pytest.xfail("skip failing Binja stack string detection temporarily, see #1473")
 fixtures.do_test_feature_presence(fixtures.get_binja_extractor, sample, scope, feature, expected)
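Review bot: The imperative `pytest.xfail(...)` on the second added line ends the test before `fixtures.do_test_feature_presence` is ever called, so every stack-string case is reported XFAIL unconditionally and can never surface an XPASS once the Binja detection in #1473 is fixed; the guard will keep masking those cases until someone remembers to delete it. Running the check first and only downgrading an actual failure keeps that signal, assuming `do_test_feature_presence` reports failure via a plain assertion (I cannot confirm that from the hunk), and the comparison `feature == capa.features.common.Characteristic("stack string")` presumably relies on Feature equality by type and value, which is also outside the hunk. Whichever form is kept, a comment naming the removal condition would help the next maintainer: `# TODO: drop this guard once #1473 (Binja stack string detection) is resolved`. The hunk header indicates two further context lines after the `fixtures.do_test_feature_presence` call that are not visible here, so the function may continue past what is shown.
```python
def test_binja_features(sample, scope, feature, expected):
    try:
        fixtures.do_test_feature_presence(fixtures.get_binja_extractor, sample, scope, feature, expected)
    except AssertionError:
        # TODO: drop this guard once #1473 (Binja stack string detection) is resolved
        if feature == capa.features.common.Characteristic("stack string"):
            pytest.xfail("skip failing Binja stack string detection temporarily, see #1473")
        raise
```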