MBot

Members
  • Posts

    693
  • Joined

  • Last visited

    Never
  • Days Won

    1

Everything posted by MBot

  1. This release brings some assorted top-hitting bug fixes into the stable channel from the main development trunk. If this looks very similar to the preview channel, you're correct. These were heavy hitters, so we're rolling out to the whole population as quickly as we can.

    A preinstallation kit is available for system integrators and OEMs interested in prepackaging Windows Terminal with a Windows image. More information is available in the DISM documentation on preinstallation. Users who do not intend to preinstall Windows Terminal should continue using the msixbundle distribution.

    Bug Fixes

    Accessibility
      • Resolves hang on launch for Windows Server 2022 (and similar client Windows versions) when tablet input keyboard is activated (#11312)

    Reliability
      • Fix KeyChord constructor assertion failure during tab dragging (#11306)

    Terminal Emulation
      • Fixes alignment of the mouse coordinates when the viewport is scrolled for all events, not just mouse button pressed event. (#11290)

    User Interface
      • Clear selection on paste (#11286) (thanks @serd2011!)

    JSON Settings
      • Fix serialisation of findMatch action to persist the direction (#11233) (thanks @ianjoneill!)

    Download
  2. This release brings some assorted top-hitting bug fixes into the preview channel from the main development trunk.

    There's also a breaking change included here to ensure our consistency as we move into 1.12. We were alerted that the terminology "tray" is inappropriate for Taskbar Notification Area. This means that the minimizeToTray setting is now the minimizeToNotificationArea setting and the alwaysShowTrayIcon setting is now the alwaysShowNotificationIcon setting. There is no automatic migration of these settings as this terminology was only ever used in preview channel. Preview users will have to fix their settings files manually. (#11219)

    Bug Fixes

    Accessibility
      • Resolves hang on launch for Windows Server 2022 (and similar client Windows versions) when tablet input keyboard is activated (#11312)
      • Selecting text in the terminal while Narrator is open will no longer hang (#11386)

    Reliability
      • Fix KeyChord constructor assertion failure during tab dragging (#11306)

    Terminal Emulation
      • Fixes alignment of the mouse coordinates when the viewport is scrolled for all events, not just mouse button pressed event. (#11290)

    User Interface
      • Clear selection on paste (#11286) (thanks @serd2011!)

    JSON Settings
      • Fix serialisation of findMatch action to persist the direction (#11233) (thanks @ianjoneill!)

    Download
  3. What's New Change History Installation Guide SHA-256: 1ce9bdf2d7f6bdfe5dccd06da828af31bc74acfd800f71ade021d5211e820d5e Download
  4. feat: basic test for avlavel Download
  5. MBot

    15.1.3

    Update frida-gum Download
  6. This release fixes an issue with the standalone executables built with PyInstaller when running capa against ELF files.

    Bug Fixes
      • fix bug in PyInstaller config preventing ELF analysis #795 @mr-tz

    Raw diffs
      • capa v3.0.1...master
      • capa-rules v3.0.1...master

    Download
  7. This release is the first development build after the Windows Package Manager 1.1 release candidate build for Windows 10 (1809+). Experimental features have been enabled in this release. This build will be released to Windows Insider Dev builds, and Windows Package Manager Insiders. Download
  8. This release represents our Windows Package Manager 1.1 release candidate build for Windows 10 (1809+). Experimental features have been disabled in this release. We will follow this release with another Pre-release "developer" build at GitHub so users can continue with experimental features available.

    Bugs
      • #797 Silent install of "winget install git.git" is not working
      • #1497 Make rename retry more frequently for longer, then try making a hardlink

    Download
  9. This version updates the version of vivisect used by capa. Users will experience fewer bugs and find improved analysis results. Thanks to the community for highlighting issues and analysis misses. Your feedback is crucial to further improve capa.

    Bug Fixes
      • fix many underlying bugs in vivisect analysis and update to version v1.0.5 #786 @williballenthin

    Raw diffs
      • capa v3.0.0...v3.0.1
      • capa-rules v3.0.0...v3.0.1

    Download
  10. Update submodules Download
  11. MBot

    rr 5.5.0

    As usual there are many bug fixes, improvements to system call coverage, and incremental performance improvements. Thanks to all our contributors. Download
  12. This release includes several new features related to the experimental Microsoft Store source. The REST API now has support for source level agreements, and an HTTP header pass through. Packages can also have agreements a user must accept before downloading and installing a package. We have also made improvements for handling silent installation with MSI UAC issues, and deferred registration for MSIX packages.

    A new experimental feature will show dependencies listed in a package manifest. The COM API is now considered a stable feature, and has been removed from experimental features.

    We have also started the work to begin supporting the new v1.1 schema #1243. The implementation for these new keys will follow in subsequent releases.

    Thanks to @ChungZH for making some UX improvements to show how many upgrades are available, and displaying the version number during install.

    Features
      • #200 Require EULA/TOS acceptance before download starts.
      • #893 Add support for an arbitrary HTTP header value in REST API
      • #967 Max Installer nodes 1024
      • #1012 Experimental Show dependencies
      • #1174 Added "doProgressTimeoutInSeconds" Setting
      • #1216 Add Microsoft Store REST Source as default option and fix telemetry gaps
      • #1337 Show the version number during install.
      • #1354 winget upgrade: Display count of available upgrades
      • #1396 Add support for rest api 1.1 interface
      • #1397 Add deferred registration for MSIX
      • #1398 Use MSI API to allow UAC prompts on MSI silent installs
      • #1400 Client verbose logging does not log sufficient information to diagnose issues interacting with rest sources.
      • #1419 Remove the packagedAPI experimental feature flag

    Bugs
      • #1406 InstallerSuccessCodes in manifest schema does not provide any numerical limits
      • #1416 winget source add doesn't warn you when adding an unsupported source.

    Download
  13. We are excited to announce version 3.0!

    capa 3.0:
      • adds support for ELF files targeting Linux thanks to Intezer
      • adds new features to specify OS, CPU architecture, and file format
      • fixes a few bugs that may have led to false negatives (missed capabilities) in older versions
      • adds 80 new rules, including 36 describing techniques for Linux

    A huge thanks to everyone who submitted issues, provided feedback, and contributed code and rules. Special acknowledgement to @Adir-Shemesh and @TcM1911 of Intezer for contributing the code to enable ELF support. Also, welcome first time contributors:
      • @jaredscottwilson
      • @cdong1012
      • @jlepore-fe

    New Features
      • all: add support for ELF files #700 @Adir-Shemesh @TcM1911
      • rule format: add feature format: for file format, like format: pe #723 @williballenthin
      • rule format: add feature arch: for architecture, like arch: amd64 #723 @williballenthin
      • rule format: add feature os: for operating system, like os: windows #723 @williballenthin
      • rule format: add feature substring: for verbatim strings with leading/trailing wildcards #737 @williballenthin
      • scripts: add profile-memory.py for profiling memory usage #736 @williballenthin
      • main: add light weight ELF file feature extractor to detect file limitations #770 @mr-tz

    Breaking Changes
      • rules using format, arch, os, or substring features cannot be used by capa versions prior to v3
      • legacy term arch (i.e., "x32") is now called bitness @williballenthin
      • freeze format gains new section for "global" features #759 @williballenthin

    New Rules (80)
      • collection/webcam/capture-webcam-image @johnk3r
      • nursery/list-drag-and-drop-files michael.hunhoff@fireeye.com
      • nursery/monitor-clipboard-content michael.hunhoff@fireeye.com
      • nursery/monitor-local-ipv4-address-changes michael.hunhoff@fireeye.com
      • nursery/load-windows-common-language-runtime michael.hunhoff@fireeye.com
      • nursery/resize-volume-shadow-copy-storage michael.hunhoff@fireeye.com
      • nursery/add-user-account-group michael.hunhoff@fireeye.com
      • nursery/add-user-account-to-group michael.hunhoff@fireeye.com
      • nursery/add-user-account michael.hunhoff@fireeye.com
      • nursery/change-user-account-password michael.hunhoff@fireeye.com
      • nursery/delete-user-account-from-group michael.hunhoff@fireeye.com
      • nursery/delete-user-account-group michael.hunhoff@fireeye.com
      • nursery/delete-user-account michael.hunhoff@fireeye.com
      • nursery/list-domain-servers michael.hunhoff@fireeye.com
      • nursery/list-groups-for-user-account michael.hunhoff@fireeye.com
      • nursery/list-user-account-groups michael.hunhoff@fireeye.com
      • nursery/list-user-accounts-for-group michael.hunhoff@fireeye.com
      • nursery/list-user-accounts michael.hunhoff@fireeye.com
      • nursery/parse-url michael.hunhoff@fireeye.com
      • nursery/register-raw-input-devices michael.hunhoff@fireeye.com
      • anti-analysis/packer/gopacker/packed-with-gopacker jared.wilson@fireeye.com
      • host-interaction/driver/create-device-object @mr-tz
      • host-interaction/process/create/execute-command @mr-tz
      • data-manipulation/encryption/create-new-key-via-cryptacquirecontext chuong.dong@fireeye.com
      • host-interaction/log/clfs/append-data-to-clfs-log-container blaine.stancill@mandiant.com
      • host-interaction/log/clfs/read-data-from-clfs-log-container blaine.stancill@mandiant.com
      • data-manipulation/encryption/hc-128/encrypt-data-using-hc-128-via-wolfssl blaine.stancill@mandiant.com
      • c2/shell/create-unix-reverse-shell joakim@intezer.com
      • c2/shell/execute-shell-command-received-from-socket joakim@intezer.com
      • collection/get-current-user joakim@intezer.com
      • host-interaction/file-system/change-file-permission joakim@intezer.com
      • host-interaction/hardware/memory/get-memory-information joakim@intezer.com
      • host-interaction/mutex/lock-file joakim@intezer.com
      • host-interaction/os/version/get-kernel-version joakim@intezer.com
      • host-interaction/os/version/get-linux-distribution joakim@intezer.com
      • host-interaction/process/terminate/terminate-process-via-kill joakim@intezer.com
      • lib/duplicate-stdin-and-stdout joakim@intezer.com
      • nursery/capture-network-configuration-via-ifconfig joakim@intezeer.com
      • nursery/collect-ssh-keys joakim@intezer.com
      • nursery/enumerate-processes-via-procfs joakim@intezer.com
      • nursery/interact-with-iptables joakim@intezer.com
      • persistence/persist-via-desktop-autostart joakim@intezer.com
      • persistence/persist-via-shell-profile-or-rc-file joakim@intezer.com
      • persistence/service/persist-via-rc-script joakim@intezer.com
      • collection/get-current-user-on-linux joakim@intezer.com
      • collection/network/get-mac-address-on-windows moritz.raabe@fireeye.com
      • host-interaction/file-system/read/read-file-on-linux moritz.raabe@fireeye.com joakim@intezer.com
      • host-interaction/file-system/read/read-file-on-windows moritz.raabe@fireeye.com
      • host-interaction/file-system/write/write-file-on-windows william.ballenthin@fireeye.com
      • host-interaction/os/info/get-system-information-on-windows moritz.raabe@fireeye.com joakim@intezer.com
      • host-interaction/process/create/create-process-on-windows moritz.raabe@fireeye.com
      • linking/runtime-linking/link-function-at-runtime-on-windows moritz.raabe@fireeye.com
      • nursery/create-process-on-linux joakim@intezer.com
      • nursery/enumerate-files-on-linux william.ballenthin@fireeye.com
      • nursery/get-mac-address-on-linux joakim@intezer.com
      • nursery/get-system-information-on-linux joakim@intezer.com
      • nursery/link-function-at-runtime-on-linux joakim@intezer.com
      • nursery/write-file-on-linux joakim@intezer.com
      • communication/socket/tcp/send/obtain-transmitpackets-callback-function-via-wsaioctl jonathan.lepore@mandiant.com
      • nursery/linked-against-cpp-http-library @mr-tz
      • nursery/linked-against-cpp-json-library @mr-tz

    Bug Fixes
      • main: fix KeyError: 0 when reporting results @williballehtin #703
      • main: fix potential false negatives due to namespaces across scopes @williballenthin #721
      • linter: suppress some warnings about imports from ntdll/ntoskrnl @williballenthin #743
      • linter: suppress some warnings about missing examples in the nursery @williballenthin #747

    capa explorer IDA Pro plugin
      • explorer: add additional filter logic when displaying matches by function #686 @mike-hunhoff
      • explorer: remove duplicate check when saving file #687 @mike-hunhoff
      • explorer: update IDA extractor to use non-canon mnemonics #688 @mike-hunhoff
      • explorer: allow user to add specified number of bytes when adding a Bytes feature in the Rule Generator #689 @mike-hunhoff
      • explorer: enforce max column width Features and Editor panes #691 @mike-hunhoff
      • explorer: add option to limit features to currently selected disassembly address #692 @mike-hunhoff
      • explorer: update support documentation and runtime checks #741 @mike-hunhoff
      • explorer: small performance boost to rule generator search functionality #742 @mike-hunhoff
      • explorer: add support for arch, os, and format features #758 @mike-hunhoff
      • explorer: improve parsing algorithm for rule generator feature editor #768 @mike-hunhoff

    Development

    Raw diffs
      • capa v2.0.0...v3.0.0
      • capa-rules v2.0.0...v3.0.0

    Download
  14. GDB 11.1 Release. Download
  15. What's New Change History Installation Guide SHA-256: 1e1d363c18622b9477bddf0cc172ec55e56cac1416b332a5c53906a78eb87989 Download
  16. [FEATURE] Set size of the printed PID column to 4 Download
  17. [NOBIN] Removed empty file: iat_finder.cpp Download
  18. See https://frida.re/news/ for details. Download
  19. Update submodules Download
  20. See https://frida.re/news/ for details. Download