gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-01-05 01:07:25 -08:00
Code Issues Packages Projects Releases Wiki Activity
3,620 Commits 41 Branches 48 Tags
8119aa6933458606e32b5d2ff2202bbd878e40b9
Commit Graph

3620 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Willi Ballenthin
8119aa6933 ci: do tests on dynamic-feature-extraction branch 2023-06-15 12:17:02 +02:00
Willi Ballenthin
6b953363d1 Update capa/features/extractors/base_extractor.py 2023-06-15 11:40:33 +02:00
Willi Ballenthin
139b240250 Update capa/features/extractors/base_extractor.py 2023-06-15 11:40:32 +02:00
Willi Ballenthin
36b5dff1f0 Update capa/features/extractors/base_extractor.py 2023-06-15 11:40:32 +02:00
Yacine Elhamer
7ae07d4de5 remove redundant types 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 11:40:32 +02:00
Yacine Elhamer
59ef52a271 remove default implementation 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 11:40:31 +02:00
Yacine Elhamer
34a1b22a38 remove ppid member from ProcessHandle 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 11:40:31 +02:00
Yacine Elhamer
b4f01fa6c2 add ppid documentation to the dynamic extractor interface 2023-06-15 11:40:30 +02:00
Yacine Elhamer
2d6d16dcd0 add parent process id to the process handle 2023-06-15 11:40:30 +02:00
Yacine Elhamer
1ccae4fef2 remove from_trace() and submit_sample() methods 2023-06-15 11:40:29 +02:00
Yacine Elhamer
ee30acab32 get_threads(): fix mypy typing 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-15 11:40:29 +02:00
Yacine Elhamer
5189bef325 fix bad comment 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-15 11:40:28 +02:00
Yacine Elhamer
17597580f4 add abstract DynamicExtractor class 2023-06-15 11:40:28 +02:00
Stephen Eckels
7ef78fdbce explorer: optimize cache and extractor interface (#1470) 
* Optimize cache and extractor interface

* Update changelog

* Run linter formatters

* Implement review feedback

* Move rulegen extractor construction to tab change

* Change rulegen cache construction behavior

* Adjust return values for CR, format

* Fix mypy errors

* Format

* Fix merge

---------

Co-authored-by: Stephen Eckels <stephen.eckels@mandiant.com>
 2023-06-13 12:00:06 -06:00
Capa Bot
43b2ee3c52 Sync capa rules submodule 2023-06-12 12:28:18 +00:00
Capa Bot
85a7c87830 Sync capa rules submodule 2023-06-12 12:18:23 +00:00
Willi Ballenthin
2d7e20f532 Merge pull request #1527 from xusheng6/fix_bn_unit_test 
Update the stack string detection with BN's builtin outlining of constant expressionss
 2023-06-12 10:41:15 +02:00
Capa Bot
cc993b67a3 Sync capa rules submodule 2023-06-12 06:58:29 +00:00
Xusheng
a74911e926 Add a test that asserts on the binja version 2023-06-09 13:44:07 +08:00
Xusheng
8cc16e8de9 Update the stack string detection with BN's builtin outlining of constant expressions 2023-06-09 13:41:53 +08:00
Capa Bot
0559e61af1 Sync capa rules submodule 2023-06-08 08:41:14 +00:00
Capa Bot
2fe0713faa Sync capa rules submodule 2023-06-07 10:17:28 +00:00
Willi Ballenthin
28629b352c Merge pull request #1502 from Aayush-Goel-04/Aayush-Goel-04/Issue#1411 
Update Metadata type in capa main
 2023-06-06 13:04:35 +02:00
Aayush Goel
e5f79c9f5c Merge branch 'mandiant:master' into Aayush-Goel-04/Issue#1411 2023-06-06 13:04:19 +05:30
Aayush Goel
c6815ef126 Update Model and FrozenModel Class 2023-06-06 13:02:30 +05:30
Willi Ballenthin
57095175d2 Merge pull request #1443 from yelhamer/feature-static-api-names 
Extract api names from ELF debug symbols [vivisect]
 2023-06-05 14:54:34 +02:00
Yacine Elhamer
5b260c00f4 fix symtab FunctionName feature scope address 2023-06-05 13:37:19 +01:00
Yacine Elhamer
9b0fb74d94 fix typo: "Elf" to "elf" 2023-06-05 13:36:50 +01:00
Yacine Elhamer
103b384c09 fix viv/extractor.py codestyle imports 2023-06-05 12:17:27 +01:00
Yacine Elhamer
65f18aecc8 fix mypy typing issues 2023-06-05 12:14:56 +01:00
Yacine Elhamer
e971bc4044 fix codestyle issues 2023-06-05 12:01:39 +01:00
Aayush Goel
b4870b120e Remove from_capa API for MetaData 2023-06-03 15:33:49 +05:30
Yacine Elhamer
7dff76b122 Merge branch 'master' into feature-static-api-names 2023-06-03 01:44:13 +01:00
Yacine Elhamer
be5ada26ea fix code style 2023-06-03 01:12:56 +01:00
Yacine Elhamer
5b903ca4f3 add error handling to SymTab and its callers 2023-06-02 23:19:14 +01:00
Yacine Elhamer
6b2710ac7e fix broken logic in extract_function_symtab_names() 2023-06-02 22:43:58 +01:00
Yacine Elhamer
764fda8e7b add missing Shdr.from_viv() method 2023-06-02 17:57:37 +01:00
Yacine Elhamer
151ef95b79 remove usage of vsGetField 2023-06-02 17:14:44 +01:00
Yacine Elhamer
4976375d74 elf.py: fix identation error 2023-06-02 16:30:17 +01:00
Yacine Elhamer
0b834a1623 delete functionName extraction at instruction level 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-02 15:56:14 +01:00
Yacine Elhamer
41c512624b update symtab-based FunctionName feature extraction 2023-06-02 14:44:51 +01:00
Yacine Elhamer
9467ee6f10 add FunctionName extraction at the function scope 2023-06-02 14:42:04 +01:00
Yacine Elhamer
dde76e301d add a method to construct SymTab objects from Elf objects 2023-06-02 12:15:05 +01:00
Aayush Goel
5ded85f46e Update CHANGELOG.md 2023-06-02 14:54:36 +05:30
Capa Bot
0cbe4618e1 Sync capa-testfiles submodule 2023-06-02 09:20:23 +00:00
Aayush Goel
f03ad2d208 Merge branch 'mandiant:master' into Aayush-Goel-04/Issue#1411 2023-06-02 14:47:24 +05:30
Willi Ballenthin
64dca7d801 Merge branch 'master' into feature-static-api-names 2023-06-02 09:26:25 +02:00
Willi Ballenthin
3834314c2a Merge pull request #1463 from Aayush-Goel-04/Aayush-Goel-04/Issue#1451 
Utility script to detect feature overlap between new and existing CAPA rules.
 2023-06-02 09:18:00 +02:00
Willi Ballenthin
144723be3c Merge pull request #1496 from mandiant/dependabot/pip/ruamel-yaml-0.17.28 
build(deps): bump ruamel-yaml from 0.17.21 to 0.17.28
 2023-06-02 09:16:29 +02:00
Capa Bot
0f54a6f67e Sync capa rules submodule 2023-06-02 07:13:58 +00:00