Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: mandiant/capa-rules
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v9.0.0
Choose a base ref
...
head repository: mandiant/capa-rules
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v9.1.0
Choose a head ref
  • 7 commits
  • 57 files changed
  • 5 contributors

Commits on Feb 20, 2025

  1. use "span of calls" scope for registry operations that span multiple … 

    …calls, e.g. open registry key and set value (#999)

* use span of calls scope for registry operations

* fix lints
    @mike-hunhoff
    mike-hunhoff authored Feb 20, 2025
    Configuration menu
    Copy the full SHA
    8c62595 View commit details
    Browse the repository at this point in the history

  2. additional APIs to remove FNs for inject apc

    @mike-hunhoff
    mike-hunhoff committed Feb 20, 2025
    Configuration menu
    Copy the full SHA
    b444a58 View commit details
    Browse the repository at this point in the history

Commits on Feb 21, 2025

  1. Merge pull request #1001 from mandiant/fix/fn/inject-apc

    @mr-tz
    mr-tz authored Feb 21, 2025
    Configuration menu
    Copy the full SHA
    33ccbf2 View commit details
    Browse the repository at this point in the history

  2. add "change registry key timestamp" (#1003) 

    closes #1000

graduate change-registry-key-timestamp with example

typo

add references
    @williballenthin
    williballenthin authored Feb 21, 2025
    Configuration menu
    Copy the full SHA
    00684bb View commit details
    Browse the repository at this point in the history

  3. tighten Windows mutex related rules (#1004)

    @mike-hunhoff
    mike-hunhoff authored Feb 21, 2025
    Configuration menu
    Copy the full SHA
    71dd21d View commit details
    Browse the repository at this point in the history

Commits on Feb 22, 2025

  1. Clearing Event Log with wevtapi functions (#1006) 

    * Added related wevtapi functions

* Update clear-windows-event-logs.yml

* Update clear-windows-event-logs.yml

* Create clear-windows-event-logs-remotely.yml

* Update clear-windows-event-logs-remotely.yml

* Update clear-windows-event-logs-remotely.yml

* Update clear-windows-event-logs-remotely.yml

* Revert "Update clear-windows-event-logs-remotely.yml"

This reverts commit 97b5730.

* Update clear-windows-event-logs-remotely.yml

* Update clear-windows-event-logs-remotely.yml

---------

Co-authored-by: Elad Levi <getelmusic@gmail.com>
    @JakePeralta7 @getel-arch
    JakePeralta7 and getel-arch authored Feb 22, 2025
    Configuration menu
    Copy the full SHA
    9c86fbe View commit details
    Browse the repository at this point in the history

Commits on Feb 25, 2025

  1. add more APIs to remove use-process-replacement FNs (#1009)

    @mike-hunhoff
    mike-hunhoff authored Feb 25, 2025
    Configuration menu
    Copy the full SHA
    6221d9b View commit details
    Browse the repository at this point in the history
Loading