MBot Postado Agosto 5, 2020 em 14:19 Compartilhar Postado Agosto 5, 2020 em 14:19 This release brings new rule format updates, such as adding offset/x32 and negative offsets, fixes some bugs identified by the community, and 28 (!) new rules. We received contributions from eight reverse engineers, including four new ones: @re-fox @psifertex @BitsOfBinary @threathive Download a standalone binary below and checkout the readme here on GitHub. Report issues on our issue tracker and contribute new rules at capa-rules. New features import: add Binary Ninja import script #205 #207 @psifertex rules: offsets can be negative #197 #208 @williballenthin rules: enable descriptions for statement nodes #194 #209 @Ana06 rules: add arch flavors to number and offset features #210 #216 @williballenthin render: show SHA1/SHA256 in default report #164 @threathive tests: add tests for IDA Pro backend #202 @williballenthin New rules check for unmoving mouse cursor @BitsOfBinary check mutex and exit @re-fox parse credit card information @re-fox read ini file @re-fox validate credit card number with luhn algorithm @re-fox change the wallpaper @re-fox acquire debug privileges @williballenthin import public key @williballenthin terminate process by name @williballenthin encrypt data using DES @re-fox encrypt data using DES via WinAPI @re-fox hash data using sha1 via x86 extensions @re-fox hash data using sha256 via x86 extensions @re-fox capture network configuration via ipconfig @re-fox hash data via WinCrypt @mike-hunhoff get file attributes @mike-hunhoff allocate thread local storage @mike-hunhoff get thread local storage value @mike-hunhoff set thread local storage @mike-hunhoff get session integrity level @mike-hunhoff add file to cabinet file @mike-hunhoff flush cabinet file @mike-hunhoff open cabinet file @mike-hunhoff gather firefox profile information @re-fox encrypt data using skipjack @re-fox encrypt data using camellia @re-fox hash data using tiger @re-fox encrypt data using blowfish @re-fox encrypt data using twofish @re-fox Bug fixes linter: fix exception when examples is None @Ana06 linter: fix suggested recommendations via templating @williballenthin render: fix exception when rendering counts @williballenthin render: fix render of negative offsets @williballenthin extractor: fix segmentation violation from vivisect @williballenthin main: fix crash when .viv cannot be saved #168 @secshoggoth @williballenthin main: fix shellcode .viv save path @williballenthin Changes doc: explain how to bypass gatekeeper on macOS @psifertex doc: explain supported linux distributions @Ana06 doc: explain submodule update with --init @psifertex main: improve program help output @mr-tz main: disable progress when run in quiet mode @mr-tz main: assert supported IDA versions @mr-tz extractor: better identify nested pointers to strings @williballenthin setup: specify vivisect download url @Ana06 setup: pin vivisect version @williballenthin setup: bump vivisect dependency version @williballenthin setup: set Python project name to flare-capa @williballenthin ci: run tests and linter via Github Actions @Ana06 hooks: run style checkers and hide stashed output @Ana06 linter: ignore period in rule filename @williballenthin linter: warn on nursery rule with no changes needed @williballenthin Raw diffs capa v1.0.0...v1.1.0 capa-rules v1.0.0...v1.1.0 Download Link para o comentário Compartilhar em outros sites More sharing options...
Posts Recomendados
Arquivado
Este tópico foi arquivado e está fechado para novas respostas.