gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-01-01 07:26:22 -08:00
Code Issues Packages Projects Releases Wiki Activity
3,699 Commits 41 Branches 48 Tags
f5af2bf393dffccc7776299927831acd3947d91c
Commit Graph

3699 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Yacine Elhamer
f5af2bf393 Merge branch 'test-cape-extractor' into cape-extractor 2023-06-20 10:47:56 +01:00
Yacine Elhamer
374fb033c1 add support for gzip compressed cape samples, and fix QakBot sample path 2023-06-20 10:29:52 +01:00
Yacine Elhamer
4db80e75a4 add mode and encoding parameters to open() 2023-06-20 10:13:06 +01:00
Yacine Elhamer
8547277958 tests/fixtures.py bugfix: remove redundant lambda function 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-20 10:10:42 +01:00
Yacine Elhamer
ec3366b0e5 Update tests/fixtures.py 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-20 10:09:27 +01:00
Yacine Elhamer
48bd04b387 tests/fixtures.py: return direct extractor with no intermediate variable 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-20 10:09:00 +01:00
Yacine Elhamer
41a481252c Update CHANGELOG.md 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-20 10:08:12 +01:00
Yacine Elhamer
a7cf3b5b10 features/insn.py: revert added strace-based API feature 2023-06-20 10:04:37 +01:00
Yacine Elhamer
ba63188f27 cape/file.py: fix bug in call to helpers.generate_symbols() 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-20 10:02:57 +01:00
Yacine Elhamer
9cc34cb70f cape/file.py: fix imports ordering and format 2023-06-20 00:19:55 +01:00
Yacine Elhamer
b9a4d72b42 cape/file.py: add usage of helpers.generate_symbols() 2023-06-20 00:12:21 +01:00
Yacine Elhamer
8eef210547 update changelog 2023-06-19 23:57:51 +01:00
Yacine Elhamer
ef999ed954 rules/__init__.py: remove redundant HBI features 2023-06-19 23:56:10 +01:00
Yacine Elhamer
33de609560 Revert "removed redundant HBI features" 
This reverts commit c88f859dae.
 2023-06-19 23:55:22 +01:00
Yacine Elhamer
624151c3f7 Revert "update changelog" 
This reverts commit 49b77d5477.
 2023-06-19 23:55:12 +01:00
Yacine Elhamer
c88f859dae removed redundant HBI features 2023-06-19 23:55:06 +01:00
Yacine Elhamer
49b77d5477 update changelog 2023-06-19 23:49:19 +01:00
Yacine Elhamer
d4c4a17eb7 bugfixes and add cape sample tests 2023-06-19 23:42:27 +01:00
Yacine Elhamer
3c8abab574 fix bugs and refactor code 2023-06-19 23:40:09 +01:00
Yacine Elhamer
38596f8d0e add features for the QakBot sample 2023-06-19 19:32:56 +01:00
Yacine Elhamer
4acdca090d bug fixes 2023-06-19 17:14:59 +01:00
Yacine Elhamer
f02178852b update changelog 2023-06-19 17:01:05 +01:00
Yacine Elhamer
98e7acddf4 fix codestyle issues 2023-06-19 16:59:27 +01:00
Yacine Elhamer
9458e851c0 update test sample's path 2023-06-19 16:46:24 +01:00
Yacine Elhamer
a04512d7b8 add unit tests for the cape feature extractor 2023-06-19 16:43:54 +01:00
Yacine Elhamer
d6fa832d83 cape: move get_processes() method to file scope 2023-06-19 13:50:46 +01:00
Yacine Elhamer
dbad921fa5 code style changes 2023-06-15 13:21:17 +01:00
Yacine Elhamer
e1535dd574 remove Registry, Filename, and mutex features 2023-06-15 13:17:07 +01:00
Yacine Elhamer
22640eb900 cape/file.py: remove FunctionName feature extraction for imported functions 2023-06-15 12:44:57 +01:00
Yacine Elhamer
7e51e03043 cape/file.py: remove String, Filename, and Mutex features 2023-06-15 12:43:39 +01:00
Yacine Elhamer
865616284f cape/thread.py: remove yielding argument features 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 12:33:22 +01:00
Yacine Elhamer
0cf728b7e1 global_.py: update typo in yielded OS name 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 12:28:08 +01:00
Willi Ballenthin
a2d563b081 Merge branch 'dynamic-feature-extraction' into cape-extractor 2023-06-15 12:43:55 +02:00
Willi Ballenthin
8119aa6933 ci: do tests on dynamic-feature-extraction branch 2023-06-15 12:17:02 +02:00
Willi Ballenthin
6b953363d1 Update capa/features/extractors/base_extractor.py 2023-06-15 11:40:33 +02:00
Willi Ballenthin
139b240250 Update capa/features/extractors/base_extractor.py 2023-06-15 11:40:32 +02:00
Willi Ballenthin
36b5dff1f0 Update capa/features/extractors/base_extractor.py 2023-06-15 11:40:32 +02:00
Yacine Elhamer
7ae07d4de5 remove redundant types 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 11:40:32 +02:00
Yacine Elhamer
59ef52a271 remove default implementation 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 11:40:31 +02:00
Yacine Elhamer
34a1b22a38 remove ppid member from ProcessHandle 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-15 11:40:31 +02:00
Yacine Elhamer
b4f01fa6c2 add ppid documentation to the dynamic extractor interface 2023-06-15 11:40:30 +02:00
Yacine Elhamer
2d6d16dcd0 add parent process id to the process handle 2023-06-15 11:40:30 +02:00
Yacine Elhamer
1ccae4fef2 remove from_trace() and submit_sample() methods 2023-06-15 11:40:29 +02:00
Yacine Elhamer
ee30acab32 get_threads(): fix mypy typing 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-15 11:40:29 +02:00
Yacine Elhamer
5189bef325 fix bad comment 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-06-15 11:40:28 +02:00
Yacine Elhamer
17597580f4 add abstract DynamicExtractor class 2023-06-15 11:40:28 +02:00
Yacine Elhamer
f97f9e8646 Merge branch 'dynamic-features' into cape-extractor 2023-06-14 23:07:39 +01:00
Yacine Elhamer
91f1d41324 extract registry keys, files, and mutexes from the sample 2023-06-14 22:57:41 +01:00
Yacine Elhamer
d9d9d98ea0 update the Registry, Filename, and Mutex classes 2023-06-14 22:45:12 +01:00
Willi Ballenthin
e7115c7316 Update capa/features/extractors/base_extractor.py 2023-06-14 22:43:37 +01:00