v6.1.0
·
1555 commits
to master
since this release
capa v6.1.0 is a bug fix release, most notably fixing unhandled exceptions in the capa explorer IDA Pro plugin. @Aayush-Goel-04 put a lot of effort into improving code quality and adding a script for rule authors. The script shows which features are present in a sample but not referenced by any existing rule. You could use this script to find opportunities for new rules.
Speaking of new rules, we have eight additions, coming from Ronnie, Jakub, Moritz, Ervin, and [email protected]!
New Features
- ELF: implement import and export name extractor #1607 #1608 @Aayush-Goel-04
- bump pydantic from 1.10.9 to 2.1.1 #1582 @Aayush-Goel-04
- develop script to highlight features not used during matching #331 @Aayush-Goel-04
New Rules (8)
- executable/pe/export/forwarded-export [email protected]
- host-interaction/bootloader/get-uefi-variable [email protected]
- host-interaction/bootloader/set-uefi-variable [email protected]
- nursery/enumerate-device-drivers-on-linux @mr-tz
- anti-analysis/anti-vm/vm-detection/check-for-foreground-window-switch [email protected]
- linking/static/sqlite3/linked-against-cppsqlite3 [email protected]
- linking/static/sqlite3/linked-against-sqlite3 [email protected]
Modified rules (9)
- anti-analysis/anti-forensic/self-deletion/self-delete.yml
- collection/browser/gather-chrome-based-browser-login-information.yml
- collection/browser/gather-firefox-profile-information.yml
- data-manipulation/encoding/base64/decode-data-using-base64-via-dword-translation-table.yml
- host-interaction/process/inject/free-user-process-memory.yml
- lib/get-os-version.yml
- nursery/deserialize-json-in-dotnet.yml
- nursery/serialize-json-in-dotnet.yml
- persistence/authentication-process/act-as-credential-manager-dll.yml
Renamed rules (1)
Bug Fixes
- rules: fix forwarded export characteristic #1656 @RonnieSalomonsen
- Binary Ninja: Fix stack string detection #1473 @xusheng6
- linter: skip native API check for NtProtectVirtualMemory #1675 @williballenthin
- OS: detect Android ELF files #1705 @williballenthin
- ELF: fix parsing of symtab #1704 @williballenthin
- result document: don't use deprecated pydantic functions #1718 @williballenthin
- pytest: don't mark IDA tests as pytest tests #1719 @williballenthin
capa explorer IDA Pro plugin
- fix unhandled exception when resolving rule path #1693 @mike-hunhoff
EDIT: a standalone binary created using Python 3.11 is now available.
Raw diffs
Contributors
williballenthin, mr-tz, and 4 other contributors