gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-23 15:37:37 -08:00
Code Issues Packages Projects Releases Wiki Activity
4,178 Commits 45 Branches 48 Tags
85f151303a80a2aefa5533c5fdbcf04ca065044c
Commit Graph

4178 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Yacine Elhamer
e1535dd574 remove Registry, Filename, and mutex features 2023-06-15 13:17:07 +01:00
Yacine Elhamer
22640eb900 cape/file.py: remove FunctionName feature extraction for imported functions 2023-06-15 12:44:57 +01:00
Yacine Elhamer
7e51e03043 cape/file.py: remove String, Filename, and Mutex features 2023-06-15 12:43:39 +01:00
Yacine Elhamer
865616284f cape/thread.py: remove yielding argument features 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 12:33:22 +01:00
Yacine Elhamer
0cf728b7e1 global_.py: update typo in yielded OS name 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 12:28:08 +01:00
Willi Ballenthin
a2d563b081 Merge branch 'dynamic-feature-extraction' into cape-extractor 2023-06-15 12:43:55 +02:00
Willi Ballenthin
8119aa6933 ci: do tests on dynamic-feature-extraction branch 2023-06-15 12:17:02 +02:00
Willi Ballenthin
6b953363d1 Update capa/features/extractors/base_extractor.py 2023-06-15 11:40:33 +02:00
Willi Ballenthin
139b240250 Update capa/features/extractors/base_extractor.py 2023-06-15 11:40:32 +02:00
Willi Ballenthin
36b5dff1f0 Update capa/features/extractors/base_extractor.py 2023-06-15 11:40:32 +02:00
Yacine Elhamer
7ae07d4de5 remove redundant types 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 11:40:32 +02:00
Yacine Elhamer
59ef52a271 remove default implementation 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 11:40:31 +02:00
Yacine Elhamer
34a1b22a38 remove ppid member from ProcessHandle 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 11:40:31 +02:00
Yacine Elhamer
b4f01fa6c2 add ppid documentation to the dynamic extractor interface 2023-06-15 11:40:30 +02:00
Yacine Elhamer
2d6d16dcd0 add parent process id to the process handle 2023-06-15 11:40:30 +02:00
Yacine Elhamer
1ccae4fef2 remove from_trace() and submit_sample() methods 2023-06-15 11:40:29 +02:00
Yacine Elhamer
ee30acab32 get_threads(): fix mypy typing 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-15 11:40:29 +02:00
Yacine Elhamer
5189bef325 fix bad comment 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-15 11:40:28 +02:00
Yacine Elhamer
17597580f4 add abstract DynamicExtractor class 2023-06-15 11:40:28 +02:00
Yacine Elhamer
f97f9e8646 Merge branch 'dynamic-features' into cape-extractor 2023-06-14 23:07:39 +01:00
Yacine Elhamer
91f1d41324 extract registry keys, files, and mutexes from the sample 2023-06-14 22:57:41 +01:00
Yacine Elhamer
d9d9d98ea0 update the Registry, Filename, and Mutex classes 2023-06-14 22:45:12 +01:00
Willi Ballenthin
e7115c7316 Update capa/features/extractors/base_extractor.py 2023-06-14 22:43:37 +01:00
Willi Ballenthin
6c58e26f14 Update capa/features/extractors/base_extractor.py 2023-06-14 22:43:37 +01:00
Willi Ballenthin
dc371580a5 Update capa/features/extractors/base_extractor.py 2023-06-14 22:43:37 +01:00
Yacine Elhamer
2a047073e9 remove redundant types 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-14 22:43:37 +01:00
Stephen Eckels
6e3b1bc240 explorer: optimize cache and extractor interface (#1470) 
* Optimize cache and extractor interface

* Update changelog

* Run linter formatters

* Implement review feedback

* Move rulegen extractor construction to tab change

* Change rulegen cache construction behavior

* Adjust return values for CR, format

* Fix mypy errors

* Format

* Fix merge

---------

Co-authored-by: Stephen Eckels <stephen.eckels@mandiant.com>
 2023-06-14 22:43:37 +01:00
Capa Bot
51faaae1d0 Sync capa rules submodule 2023-06-14 22:43:37 +01:00
Capa Bot
f55804ef06 Sync capa rules submodule 2023-06-14 22:43:37 +01:00
Xusheng
e671e1c87c Add a test that asserts on the binja version 2023-06-14 22:43:37 +01:00
Xusheng
a7aa817dce Update the stack string detection with BN's builtin outlining of constant expressions 2023-06-14 22:43:37 +01:00
Capa Bot
dcce4db6d5 Sync capa rules submodule 2023-06-14 22:43:37 +01:00
Yacine Elhamer
64c4f0f1aa remove default implementation 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-14 22:43:37 +01:00
Yacine Elhamer
a8f928200b remove ppid member from ProcessHandle 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-14 22:43:37 +01:00
Yacine Elhamer
58d42b09d9 add ppid documentation to the dynamic extractor interface 2023-06-14 22:43:37 +01:00
Yacine Elhamer
0cd481b149 remove redundant comments 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-14 22:42:25 +01:00
Yacine Elhamer
a66c55ca14 add the initial version of the cape extractor 2023-06-14 22:34:11 +01:00
Yacine Elhamer
18715dbe2e fix typo bug 2023-06-14 21:47:40 +01:00
Willi Ballenthin
23dee61389 Merge branch 'dynamic-feature-extraction' into cape-extractor 2023-06-14 12:41:08 +02:00
Willi Ballenthin
23dc3f29cd Merge pull request #1528 from yelhamer/dynamic-extractor 
add a Dynamic extractor interface
 2023-06-14 11:00:06 +02:00
Willi Ballenthin
4c701f4b6c Update capa/features/extractors/base_extractor.py 2023-06-14 10:59:07 +02:00
Willi Ballenthin
7a94f524b4 Update capa/features/extractors/base_extractor.py 2023-06-14 10:58:59 +02:00
Willi Ballenthin
23deb41436 Update capa/features/extractors/base_extractor.py 2023-06-14 10:58:50 +02:00
Yacine Elhamer
7198ebefc9 remove redundant types 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-14 09:58:33 +01:00
Willi Ballenthin
32cb57532e Merge branch 'dynamic-feature-extraction' into dynamic-extractor 2023-06-14 10:54:44 +02:00
Yacine Elhamer
edcfece993 remove default implementation 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-14 09:33:24 +01:00
Yacine Elhamer
baf209f3cc remove ppid member from ProcessHandle 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-14 09:33:07 +01:00
Yacine Elhamer
ece47c9ed5 add ppid documentation to the dynamic extractor interface 2023-06-14 09:05:53 +01:00
Yacine Elhamer
3d40ed968a Merge branch 'dynamic-features' into cape-extractor 2023-06-13 23:04:44 +01:00
Yacine Elhamer
10f56de5e8 Merge branch 'dynamic-extractor' into dynamic-features 2023-06-13 23:03:33 +01:00