Comparing changes

base repository: mandiant/capa-rules
base: v7.3.0
...
head repository: mandiant/capa-rules
compare: v7.4.0
  • 14 commits
  • 17 files changed
  • 6 contributors

Commits on Sep 20, 2024

  1. e67af53

Commits on Sep 22, 2024

  1. Merge pull request #931 from mandiant/new/20240920

    rules: dotnet: adding new .NET rules
    mr-tz authored Sep 22, 2024
    1bf58dc

Commits on Sep 24, 2024

  1. Add access-firewall-policy-via-inetfwpolicy2.yml and access-firewall-…

    …rule-properties-via-inetfwrule.yml
    jtothej committed Sep 24, 2024
    c23d9f3
  2. Add SysWhispers2 detection & add 0x2e syscall detection (#888)

    * Add SysWhisper2 detection & add int 2e to syscall detection
    
    ---------
    
    Signed-off-by: Still Hsu <dev@stillu.cc>
    Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
    Still34 and mr-tz authored Sep 24, 2024
    1fd0d8e

Commits on Sep 26, 2024

  1. Add rule for detecting hiding shutdown actions (#935)

    * Add initial rule for hiding shutdown actions
    
    Signed-off-by: Still Hsu <dev@stillu.cc>
    
    ---------
    
    Signed-off-by: Still Hsu <dev@stillu.cc>
    Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
    Still34 and mr-tz authored Sep 26, 2024
    9da73be
  2. 627395d
  3. 2356f1c

Commits on Sep 27, 2024

  1. Merge pull request #937 from mandiant/mr-tz-patch-1

    update repo URL
    mr-tz authored Sep 27, 2024
    bd3f812

Commits on Sep 30, 2024

  1. add rule for driver major function ID (#939)

    * add rule
    mr-tz authored Sep 30, 2024
    109890c
  2. add packed-with-nmm-protect (#940)

    * add packed-with-nmm-protect
    
    * nmm-protect: add os and description
    williballenthin authored Sep 30, 2024
    896d912

Commits on Oct 2, 2024

  1. Merge pull request #932 from jtothej/netfw1

    Add access-firewall-policy-via-inetfwpolicy2.yml and access-firewall-…
    mr-tz authored Oct 2, 2024
    003341b

Commits on Oct 3, 2024

  1. New rule: open-recentdocs-registry-key.yml (#938)

    * Add rule get-process-filename.yml
    
    ---------
    
    Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
    mwilliams31 and mr-tz authored Oct 3, 2024
    2317949

Commits on Oct 4, 2024

  1. disable for dynamic scope

    mr-tz authored Oct 4, 2024
    0228c36
  2. Merge pull request #942 from mandiant/mr-tz-patch-1

    disable for dynamic scope
    mr-tz authored Oct 4, 2024
    64b174e