diff --git a/CHANGELOG.md b/CHANGELOG.md
index 45e09042..48dbd6bd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,8 +16,7 @@
 
 - legacy term `arch` (i.e., "x32") is now called `bitness` @williballenthin
 
-### New Rules (21)
-
+### New Rules (24)
 
 - collection/webcam/capture-webcam-image johnk3r
 - nursery/list-drag-and-drop-files michael.hunhoff@fireeye.com
@@ -40,6 +39,9 @@
 - nursery/parse-url michael.hunhoff@fireeye.com
 - nursery/register-raw-input-devices michael.hunhoff@fireeye.com
 - anti-analysis/packer/gopacker/packed-with-gopacker jared.wilson@fireeye.com
+- host-interaction/driver/create-device-object @mr-tz
+- host-interaction/process/create/execute-command @mr-tz
+- data-manipulation/encryption/create-new-key-via-cryptacquirecontext chuong.dong@fireeye.com
 -
 
 ### Bug Fixes
diff --git a/README.md b/README.md
index 055c08d9..a3a6a54c 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flare-capa)](https://pypi.org/project/flare-capa)
 [![Last release](https://img.shields.io/github/v/release/fireeye/capa)](https://github.com/fireeye/capa/releases)
-[![Number of rules](https://img.shields.io/badge/rules-600-blue.svg)](https://github.com/fireeye/capa-rules)
+[![Number of rules](https://img.shields.io/badge/rules-603-blue.svg)](https://github.com/fireeye/capa-rules)
 [![CI status](https://github.com/fireeye/capa/workflows/CI/badge.svg)](https://github.com/fireeye/capa/actions?query=workflow%3ACI+event%3Apush+branch%3Amaster)
 [![Downloads](https://img.shields.io/github/downloads/fireeye/capa/total)](https://github.com/fireeye/capa/releases)
 [![License](https://img.shields.io/badge/license-Apache--2.0-green.svg)](LICENSE.txt)
diff --git a/rules b/rules
index 5667138d..f0f3b8af 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit 5667138d7fd327e4acab8fe6ecd7ffa260fce1ea
+Subproject commit f0f3b8af5a4421a33f28c1147f8e46e956a0a83f