Commit Graph

4050 Commits

Author SHA1 Message Date
Aayush Goel 8331ed6ea0 Merge branch 'mandiant:master' into Aayush-Goel-04/Issue#322 2023-09-06 16:35:29 +05:30
Mike Hunhoff b0d55143a4 ghidra: update CI to use /Ghidra/Extensions (#1782) 2023-09-05 13:21:52 -06:00
Capa Bot e006702245 Sync capa rules submodule 2023-09-05 13:02:13 +00:00
Willi Ballenthin 1224b7e514 Merge pull request #1776 from mandiant/dependabot/pip/pre-commit-3.4.0
build(deps-dev): bump pre-commit from 3.3.3 to 3.4.0
2023-09-04 21:45:08 +02:00
dependabot[bot] 46e3ed1100 build(deps-dev): bump pre-commit from 3.3.3 to 3.4.0
Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 3.3.3 to 3.4.0.
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pre-commit/pre-commit/compare/v3.3.3...v3.4.0)

---
updated-dependencies:
- dependency-name: pre-commit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-04 14:45:22 +00:00
Mike Hunhoff 7b08f2d55a Merge pull request #1770 from mandiant/backend-ghidra
ghidra: add Ghidra feature extractor and supporting code
2023-08-30 10:41:01 -06:00
Mike Hunhoff d17db614b9 Update README.md 2023-08-30 10:33:38 -06:00
Aayush Goel 6317153ef0 Update tests/test_rules.py
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
2023-08-30 21:48:55 +05:30
Aayush Goel 24dad6bcc4 Update capa/rules/__init__.py
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
2023-08-30 21:48:48 +05:30
Aayush Goel ab3747e448 added com prefix CLSID, IID 2023-08-30 01:00:07 +05:30
colton-gabertan 72ed4d1165 push shellcode example 2023-08-29 18:05:03 +00:00
colton-gabertan 0ec682a464 add shellcode documentation & update Headless Analyzer example 2023-08-29 18:01:11 +00:00
colton-gabertan 37917b6181 update ghidra feat extractor docs 2023-08-29 17:28:49 +00:00
Mike Hunhoff a6e61ed6f1 Update capa/ghidra/README.md
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
2023-08-29 09:03:26 -06:00
Mike Hunhoff 1fddf800c6 Update capa/ghidra/README.md
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
2023-08-29 09:02:46 -06:00
Mike Hunhoff 0ffd631606 Update .github/workflows/tests.yml
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
2023-08-29 09:00:14 -06:00
Mike Hunhoff 7cc10401d5 fix #1772 2023-08-28 15:15:47 -06:00
Mike Hunhoff 3929164fc2 Merge branch 'backend-ghidra' of github.com:mandiant/capa into backend-ghidra 2023-08-28 13:24:23 -06:00
Mike Hunhoff f3a2a5958d fix Ghidra detection 2023-08-28 13:24:14 -06:00
Colton Gabertan 6d3f649a0c remove backend-ghidra from CI 2023-08-28 12:21:30 -07:00
Colton Gabertan e00608e298 ghidra hotfix: fix ghidrathon download (#1771)
* hotfix: fix ghidrathon download
2023-08-28 12:19:45 -07:00
Mike Hunhoff 995014afc2 merge upstream 2023-08-28 12:40:49 -06:00
Mike Hunhoff a522ae20f1 update CHANGELOG 2023-08-28 12:40:02 -06:00
Mike Hunhoff 203fc36865 cleanup CHANGELOG merge 2023-08-28 12:33:07 -06:00
Mike Hunhoff 7bd2467074 remove backend-ghidra from workflows 2023-08-28 12:32:52 -06:00
Willi Ballenthin f339bbf68c Merge pull request #1769 from mandiant/dependabot/pip/ruff-0.0.286
build(deps-dev): bump ruff from 0.0.285 to 0.0.286
2023-08-28 20:26:11 +02:00
Mike Hunhoff 8ed4062cf1 sync rules submodule with upstream 2023-08-28 12:13:10 -06:00
dependabot[bot] 807792f879 build(deps-dev): bump ruff from 0.0.285 to 0.0.286
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.0.285 to 0.0.286.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/BREAKING_CHANGES.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.0.285...v0.0.286)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-28 14:48:55 +00:00
Colton Gabertan 9cea7346b2 ghidra: documentation (#1759)
* Implement ghidra documentation
2023-08-27 19:21:36 -07:00
colton-gabertan d7c9ae26bc Merge branch 'master' into backend-ghidra 2023-08-26 02:08:22 +00:00
Colton Gabertan fddec33d04 ghidra: fix api info caching (#1766)
* cache and retrive imports, externs, and fakes in FunctionHandle objects

* reduce cache retreival calls

* cache in GhidraFeatureExtractor, point fh.ctx to cache

* move caching routine to __init__
2023-08-25 19:03:38 -07:00
Mike Hunhoff 65179805a7 add a Ghidra entry script users can invoke to run capa against a loaded Ghidra database (#1767)
* enable use of Ghidra with show-features.py

* fix bug in is_supported_file_type

* fix bug in GhidraFeatureExtractor.get_function

* refactor get_insn_in_range

* add Ghidra entry script for users to more easily run capa against a loaded Ghidra database

* update CHANGELOG

* fixing lint

* fix fixtures import issue

* fix bug in is_supported_arch_type

* add check for supported arch type

* fix extract_embedded_pe performance
2023-08-25 18:35:59 -07:00
Aayush Goel 90df85b332 test for com_feature
matching a file as expected
generating the bytes/strings
if an unknown COM class/interface is provided?
2023-08-25 20:59:58 +05:30
Aayush Goel bd0d8eb403 Update __init__.py
added parse_description for com feature
Update CHANGELOG.md
added comments, dealt with errors
2023-08-25 16:04:25 +05:30
Aayush Goel 9b79aa1983 Merge branch 'Aayush-Goel-04/Issue#322' of https://github.com/Aayush-Goel-04/capa into Aayush-Goel-04/Issue#322 2023-08-25 15:42:17 +05:30
Aayush Goel 172968c77e Update CHANGELOG.md 2023-08-25 15:42:02 +05:30
Aayush Goel f1a7049ab5 Merge branch 'master' into Aayush-Goel-04/Issue#322 2023-08-25 15:39:03 +05:30
Aayush Goel 155a2904fb Update CHANGELOG.md 2023-08-25 15:38:00 +05:30
Aayush Goel 4c2e8fd718 Merge branch 'Aayush-Goel-04/Issue#322' of https://github.com/Aayush-Goel-04/capa into Aayush-Goel-04/Issue#322 2023-08-25 15:33:52 +05:30
Aayush Goel 95e279a03b update com db
moved code to rules/init.py , create db for coms
2023-08-25 15:32:40 +05:30
Willi Ballenthin 9d21addc6b Merge pull request #1763 from mandiant/v6.1.0
version: v6.1.0
v6.1.0
2023-08-25 11:11:59 +02:00
Willi Ballenthin 9accb60eff changelog 2023-08-25 09:11:04 +00:00
Willi Ballenthin 61202913a6 changelog 2023-08-25 09:07:09 +00:00
Willi Ballenthin 2b59fef1b2 changelog 2023-08-25 09:05:57 +00:00
Willi Ballenthin ddff8634de changelog 2023-08-25 09:04:26 +00:00
Willi Ballenthin 1905f1bfbd changelog 2023-08-25 09:02:03 +00:00
Willi Ballenthin 7a70bc9b2a version: v6.1.0 2023-08-25 08:47:11 +00:00
Mike Hunhoff 448b122ef0 fix ints_to_bytes performance (#1761)
* fix ints_to_bytes performance
2023-08-24 16:01:41 -07:00
colton-gabertan bd2f7bc1f4 hotfix: fix indirect address dereference handling 2023-08-24 22:09:08 +00:00
Colton Gabertan 70d36ab640 properly set bounds for find_byte_sequence (#1757) 2023-08-23 15:40:15 -06:00