gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-06-28 01:13:20 -07:00
Code Issues Packages Projects Releases Wiki Activity
5,110 Commits 54 Branches 49 Tags
100df45cc055eea9fd2b5da77511dee701bd8ea6
Commit Graph

5110 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Yacine Elhamer d4c4a17eb7 bugfixes and add cape sample tests 2023-06-19 23:42:27 +01:00
Yacine Elhamer 3c8abab574 fix bugs and refactor code 2023-06-19 23:40:09 +01:00
Yacine Elhamer 38596f8d0e add features for the QakBot sample 2023-06-19 19:32:56 +01:00
Yacine Elhamer 4acdca090d bug fixes 2023-06-19 17:14:59 +01:00
Yacine Elhamer f02178852b update changelog 2023-06-19 17:01:05 +01:00
Yacine Elhamer 98e7acddf4 fix codestyle issues 2023-06-19 16:59:27 +01:00
Yacine Elhamer 9458e851c0 update test sample's path 2023-06-19 16:46:24 +01:00
Yacine Elhamer a04512d7b8 add unit tests for the cape feature extractor 2023-06-19 16:43:54 +01:00
Moritz 1bc0174f6f Merge pull request #1562 from mandiant/dependabot/pip/ruamel-yaml-0.17.32 
build(deps): bump ruamel-yaml from 0.17.28 to 0.17.32
 2023-06-19 17:24:22 +02:00
Moritz 90842f313a Merge pull request #1543 from mandiant/dependabot/pip/pydantic-1.10.9 
build(deps): bump pydantic from 1.10.7 to 1.10.9
 2023-06-19 17:23:51 +02:00
Moritz 6aa2f6457c Merge pull request #1521 from mandiant/dependabot/pip/pytest-cov-4.1.0 
build(deps-dev): bump pytest-cov from 4.0.0 to 4.1.0
 2023-06-19 17:23:19 +02:00
Moritz b7c600e60b Merge pull request #1520 from mandiant/dependabot/pip/requests-2.31.0 
build(deps-dev): bump requests from 2.28.0 to 2.31.0
 2023-06-19 17:22:55 +02:00
Moritz d397b46b63 Merge pull request #1518 from mandiant/dependabot/pip/types-requests-2.31.0.1 
build(deps-dev): bump types-requests from 2.28.1 to 2.31.0.1
 2023-06-19 17:22:32 +02:00
dependabot[bot] 7a6b7c5ef0 build(deps): bump ruamel-yaml from 0.17.28 to 0.17.32 
Bumps [ruamel-yaml](https://sourceforge.net/p/ruamel-yaml/code/ci/default/tree) from 0.17.28 to 0.17.32.

---
updated-dependencies:
- dependency-name: ruamel-yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-06-19 14:58:25 +00:00
Yacine Elhamer d6fa832d83 cape: move get_processes() method to file scope 2023-06-19 13:50:46 +01:00
Yacine Elhamer dbad921fa5 code style changes 2023-06-15 13:21:17 +01:00
Yacine Elhamer e1535dd574 remove Registry, Filename, and mutex features 2023-06-15 13:17:07 +01:00
Yacine Elhamer 22640eb900 cape/file.py: remove FunctionName feature extraction for imported functions 2023-06-15 12:44:57 +01:00
Yacine Elhamer 7e51e03043 cape/file.py: remove String, Filename, and Mutex features 2023-06-15 12:43:39 +01:00
Yacine Elhamer 865616284f cape/thread.py: remove yielding argument features 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 12:33:22 +01:00
Yacine Elhamer 0cf728b7e1 global_.py: update typo in yielded OS name 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 12:28:08 +01:00
Willi Ballenthin a2d563b081 Merge branch 'dynamic-feature-extraction' into cape-extractor 2023-06-15 12:43:55 +02:00
Willi Ballenthin 8119aa6933 ci: do tests on dynamic-feature-extraction branch 2023-06-15 12:17:02 +02:00
Willi Ballenthin 6b953363d1 Update capa/features/extractors/base_extractor.py 2023-06-15 11:40:33 +02:00
Willi Ballenthin 139b240250 Update capa/features/extractors/base_extractor.py 2023-06-15 11:40:32 +02:00
Willi Ballenthin 36b5dff1f0 Update capa/features/extractors/base_extractor.py 2023-06-15 11:40:32 +02:00
Yacine Elhamer 7ae07d4de5 remove redundant types 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 11:40:32 +02:00
Yacine Elhamer 59ef52a271 remove default implementation 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 11:40:31 +02:00
Yacine Elhamer 34a1b22a38 remove ppid member from ProcessHandle 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 11:40:31 +02:00
Yacine Elhamer b4f01fa6c2 add ppid documentation to the dynamic extractor interface 2023-06-15 11:40:30 +02:00
Yacine Elhamer 2d6d16dcd0 add parent process id to the process handle 2023-06-15 11:40:30 +02:00
Yacine Elhamer 1ccae4fef2 remove from_trace() and submit_sample() methods 2023-06-15 11:40:29 +02:00
Yacine Elhamer ee30acab32 get_threads(): fix mypy typing 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-15 11:40:29 +02:00
Yacine Elhamer 5189bef325 fix bad comment 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-15 11:40:28 +02:00
Yacine Elhamer 17597580f4 add abstract DynamicExtractor class 2023-06-15 11:40:28 +02:00
Yacine Elhamer f97f9e8646 Merge branch 'dynamic-features' into cape-extractor 2023-06-14 23:07:39 +01:00
Yacine Elhamer 91f1d41324 extract registry keys, files, and mutexes from the sample 2023-06-14 22:57:41 +01:00
Yacine Elhamer d9d9d98ea0 update the Registry, Filename, and Mutex classes 2023-06-14 22:45:12 +01:00
Willi Ballenthin e7115c7316 Update capa/features/extractors/base_extractor.py 2023-06-14 22:43:37 +01:00
Willi Ballenthin 6c58e26f14 Update capa/features/extractors/base_extractor.py 2023-06-14 22:43:37 +01:00
Willi Ballenthin dc371580a5 Update capa/features/extractors/base_extractor.py 2023-06-14 22:43:37 +01:00
Yacine Elhamer 2a047073e9 remove redundant types 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-14 22:43:37 +01:00
Stephen Eckels 6e3b1bc240 explorer: optimize cache and extractor interface (#1470) 
* Optimize cache and extractor interface

* Update changelog

* Run linter formatters

* Implement review feedback

* Move rulegen extractor construction to tab change

* Change rulegen cache construction behavior

* Adjust return values for CR, format

* Fix mypy errors

* Format

* Fix merge

---------

Co-authored-by: Stephen Eckels <stephen.eckels@mandiant.com>
 2023-06-14 22:43:37 +01:00
Capa Bot 51faaae1d0 Sync capa rules submodule 2023-06-14 22:43:37 +01:00
Capa Bot f55804ef06 Sync capa rules submodule 2023-06-14 22:43:37 +01:00
Xusheng e671e1c87c Add a test that asserts on the binja version 2023-06-14 22:43:37 +01:00
Xusheng a7aa817dce Update the stack string detection with BN's builtin outlining of constant expressions 2023-06-14 22:43:37 +01:00
Capa Bot dcce4db6d5 Sync capa rules submodule 2023-06-14 22:43:37 +01:00
Yacine Elhamer 64c4f0f1aa remove default implementation 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-14 22:43:37 +01:00
Yacine Elhamer a8f928200b remove ppid member from ProcessHandle 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-14 22:43:37 +01:00