MBot Posted July 18, 2023 at 04:29 PM

v6.0.0

capa v6.0 brings many bug fixes and quality improvements, including 64 rule updates and 26 new rules. We're now publishing to PyPI via Trusted Publishing and have migrated to using a pyproject.toml file.

@Aayush-Goel-04 contributed a lot of new code across many files, so please welcome them to the project, along with @anders-v @crowface28 @dkelly2e @RonnieSalomonsen and @ejfocampo as first-time rule contributors!

For those that use capa as a library, we've introduced some limited breaking changes that better represent data types (versus less-structured data like dictionaries and strings). With the recent deprecation, we've also dropped support for Python 3.7.

New Features

- add script to detect feature overlap between new and existing capa rules #1451 @Aayush-Goel-04
- extract forwarded exports from PE files #1624 @williballenthin
- extract function and API names from ELF symtab entries @yelhamer mandiant/capa-rules#736
- use fancy box drawing characters for default output #1586 @williballenthin

Breaking Changes

- use a class to represent Metadata (not dict) #1411 @Aayush-Goel-04 @manasghandat
- use pathlib.Path to represent file paths #1534 @Aayush-Goel-04
- Python 3.8 is now the minimum supported Python version #1578 @williballenthin
- Require a Contributor License Agreement (CLA) for PRs going forward #1642 @williballenthin

New Rules (26)

- load-code/shellcode/execute-shellcode-via-windows-callback-function ervin.ocampo@mandiant.com jakub.jozwiak@mandiant.com
- nursery/execute-shellcode-via-indirect-call ronnie.salomonsen@mandiant.com
- data-manipulation/encryption/aes/encrypt-data-using-aes-mixcolumns-step @mr-tz
- linking/static/aplib/linked-against-aplib still@teamt5.org
- communication/mailslot/read-from-mailslot nick.simonian@mandiant.com
- nursery/hash-data-using-sha512managed-in-dotnet jonathanlepore@google.com
- nursery/compiled-with-exescript jonathanlepore@google.com
- nursery/check-for-sandbox-via-mac-address-ouis-in-dotnet jonathanlepore@google.com
- host-interaction/hardware/enumerate-devices-by-category @mr-tz
- host-interaction/service/continue-service @mr-tz
- host-interaction/service/pause-service @mr-tz
- persistence/exchange/act-as-exchange-transport-agent jakub.jozwiak@mandiant.com
- host-interaction/file-system/create-virtual-file-system-in-dotnet jakub.jozwiak@mandiant.com
- compiler/cx_freeze/compiled-with-cx_freeze @mr-tz jakub.jozwiak@mandiant.com
- communication/socket/create-vmci-socket jakub.jozwiak@mandiant.com
- persistence/office/act-as-excel-xll-add-in jakub.jozwiak@mandiant.com
- persistence/office/act-as-office-com-add-in jakub.jozwiak@mandiant.com
- persistence/office/act-as-word-wll-add-in jakub.jozwiak@mandiant.com
- anti-analysis/anti-debugging/debugger-evasion/hide-thread-from-debugger michael.hunhoff@mandiant.com jakub.jozwiak@mandiant.com
- host-interaction/memory/create-new-application-domain-in-dotnet jakub.jozwiak@mandiant.com
- host-interaction/gui/switch-active-desktop jakub.jozwiak@mandiant.com
- host-interaction/service/query-service-configuration @mr-tz
- anti-analysis/anti-av/patch-event-tracing-for-windows-function jakub.jozwiak@mandiant.com
- data-manipulation/encoding/xor/covertly-decode-and-write-data-to-windows-directory-using-indirect-calls dan.kelly@mandiant.com
- linking/runtime-linking/resolve-function-by-brute-ratel-badger-hash jakub.jozwiak@mandiant.com

Bug Fixes

- extractor: add a Binary Ninja test that asserts its version #1487 @xusheng6
- extractor: update Binary Ninja stack string detection after the new constant outlining feature #1473 @xusheng6
- extractor: update vivisect Arch extraction #1334 @mr-tz
- extractor: avoid Binary Ninja exception when analyzing certain files #1441 @xusheng6
- symtab: fix struct.unpack() format for 64-bit ELF files @yelhamer
- symtab: safeguard against ZeroDivisionError for files containing a symtab with a null entry size @yelhamer
- improve ELF strtab and needed parsing @mr-tz
- better handle exceptional cases when parsing ELF files #1458 @Aayush-Goel-04
- improved testing coverage for Binary Ninja backend #1446 @Aayush-Goel-04
- add logging and print redirect to tqdm for capa main #749 @Aayush-Goel-04
- extractor: fix binja installation path detection does not work with Python 3.11
- tests: refine the IDA test runner script #1513 @williballenthin
- output: don't leave behind traces of progress bar @williballenthin
- import-to-ida: fix bug introduced with JSON report changes in v5 #1584 @williballenthin
- main: don't show spinner when emitting debug messages #1636 @williballenthin

capa explorer IDA Pro plugin

Development

- update ATT&CK/MBC data for linting #1568 @mr-tz
- log time taken to analyze each function #1290 @williballenthin
- tests: make fixture available via conftest.py #1592 @williballenthin
- publish via PyPI trusted publishing #1491 @williballenthin
- migrate to pyproject.toml #1301 @williballenthin
- use pre-commit to invoke linters #1579 @williballenthin

Raw diffs

- capa v5.1.0...v6.0.0
- capa-rules v5.1.0...v6.0.0