Posts by MBot
-
-
See https://frida.re/news/ for details.
-
-
- New CLI entrypoint (no more 'run_speakeasy.py', it's just 'speakeasy' now)
- Child process emulation support
- New API handlers
- API handler bug fixes and improvements
-
- Child process emulation support
- New CLI entrypoint (no more run_speakeasy.py)
- New API handlers
- API handler bug fixes
-
New Language Features
- Adjusted pattern detection for Roslyn 3.11
- C# 7.0 pattern matching
- C# 9 covariant returns
Contributions
- Updated ReadyToRun. (by @cshung in #2489)
- Analyzers: Return valid modules only. (by @zvirja in #2496)
- Extensibility: Make SearchTermMatches virtual. (by @beaverden in #2494)
- Support loading compressed Xamarin assemblies. (by @cpraehaus in #2471)
- Fix null check in BamlDecompilerTypeSystem.HasType (by @yyjdelete in #2509)
Visual Studio AddIn
- Allow to open ILSpy on project and package references
Enhancements
- Add "Extract package entry" context menu entry for binaries inside bundles/packages.
- Better support for voice commands/keyboard navigation.
- Proper support for long paths in Windows 10 in WholeProjectDecompiler.
- IL disassembly: Option to show raw offsets and instruction bytes.
- IL disassembly: Show header sizes.
- Add simple public API for XamlDecompiler
Bug fixes
- #2379: This fixes an issue where return statements within try-blocks could turn into goto statements.
- #2052: BAML-to-XAML: Resolve namespaces of properties
- #1858 and #2188: Improved decompilation of display-classes.
- #2424: Suppress the string==null special-case within the string class itself.
- #2092: aggressively inline code in compiler-generated lambdas and expression trees.
- And many other fixes, for a full list click here.
-
This release brings some assorted top-hitting bug fixes into the stable channel from the main development trunk.
If this looks very similar to the preview channel, you're correct. These were heavy hitters, so we're rolling out to the whole population as quickly as we can.
A preinstallation kit is available for system integrators and OEMs interested in prepackaging Windows Terminal with a Windows image. More information is available in the DISM documentation on preinstallation. Users who do not intend to preinstall Windows Terminal should continue using the msixbundle distribution.
Bug Fixes
Accessibility
- Resolves hang on launch for Windows Server 2022 (and similar client Windows versions) when tablet input keyboard is activated (#11312)
Reliability
- Fix KeyChord constructor assertion failure during tab dragging (#11306)
Terminal Emulation
- Fixes alignment of the mouse coordinates when the viewport is scrolled for all events, not just mouse button pressed event. (#11290)
User Interface
JSON Settings
- Fix serialisation of findMatch action to persist the direction (#11233) (thanks @ianjoneill!)
-
This release brings some assorted top-hitting bug fixes into the preview channel from the main development trunk.
There's also a breaking change included here to ensure our consistency as we move into 1.12. We were alerted that the terminology "tray" is inappropriate for Taskbar Notification Area. This means that the minimizeToTray setting is now the minimizeToNotificationArea setting and the alwaysShowTrayIcon setting is now the alwaysShowNotificationIcon setting. There is no automatic migration of these settings as this terminology was only ever used in preview channel. Preview users will have to fix their settings files manually. (#11219)
Bug Fixes
Accessibility
- Resolves hang on launch for Windows Server 2022 (and similar client Windows versions) when tablet input keyboard is activated (#11312)
- Selecting text in the terminal while Narrator is open will no longer hang (#11386)
Reliability
- Fix KeyChord constructor assertion failure during tab dragging (#11306)
Terminal Emulation
- Fixes alignment of the mouse coordinates when the viewport is scrolled for all events, not just mouse button pressed event. (#11290)
User Interface
JSON Settings
- Fix serialisation of findMatch action to persist the direction (#11233) (thanks @ianjoneill!)
-
- What's New
- Change History
- Installation Guide
- SHA-256:
1ce9bdf2d7f6bdfe5dccd06da828af31bc74acfd800f71ade021d5211e820d5e
-
feat: basic test for avlavel
-
Update frida-gum
-
This release fixes an issue with the standalone executables built with PyInstaller when running capa against ELF files.
Bug Fixes
Raw diffs
-
This release is the first development build after the Windows Package Manager 1.1 release candidate build for Windows 10 (1809+).
Experimental features have been enabled in this release. This build will be released to Windows Insider Dev builds, and Windows Package Manager Insiders.
-
This release represents our Windows Package Manager 1.1 release candidate build for Windows 10 (1809+).
Experimental features have been disabled in this release. We will follow this release with another Pre-release "developer" build at GitHub so users can continue with experimental features available.
Bugs
#797 Silent install of "winget install git.git" is not working
#1497 Make rename retry more frequently for longer, then try making a hardlink
-
This version updates the version of vivisect used by capa. Users will experience fewer bugs and find improved analysis results.
Thanks to the community for highlighting issues and analysis misses. Your feedback is crucial to further improve capa.
Bug Fixes
- fix many underlying bugs in vivisect analysis and update to version v1.0.5 #786 @williballenthin
Raw diffs
-
Update submodules
-
As usual there are many bug fixes, improvements to system call coverage, and incremental performance improvements. Thanks to all our contributors.
-
-
This release includes several new features related to the experimental Microsoft Store source. The REST API now has support for source level agreements, and an HTTP header pass through. Packages can also have agreements a user must accept before downloading and installing a package. We have also made improvements for handling silent installation with MSI UAC issues, and deferred registration for MSIX packages. A new experimental feature will show dependencies listed in a package manifest. The COM API is now considered a stable feature, and has been removed from experimental features. We have also started the work to begin supporting the new v1.1 schema #1243. The implementation for these new keys will follow in subsequent releases.
Thanks to @ChungZH for making some UX improvements to show how many upgrades are available, and displaying the version number during install.
Features
#200 Require EULA/TOS acceptance before download starts.
#893 Add support for an arbitrary HTTP header value in REST API
#967 Max Installer nodes 1024
#1012 Experimental Show dependencies
#1174 Added "doProgressTimeoutInSeconds" Setting
#1216 Add Microsoft Store REST Source as default option and fix telemetry gaps
#1337 Show the version number during install.
#1354 winget upgrade: Display count of available upgrades
#1396 Add support for rest api 1.1 interface
#1397 Add deferred registration for MSIX
#1398 Use MSI API to allow UAC prompts on MSI silent installs
#1400 Client verbose logging does not log sufficient information to diagnose issues interacting with rest sources.
#1419 Remove the packagedAPI experimental feature flag
Bugs
#1406 InstallerSuccessCodes in manifest schema does not provide any numerical limits
#1416 winget source add doesn't warn you when adding an unsupported source.
-
We are excited to announce version 3.0!
capa 3.0:
- adds support for ELF files targeting Linux thanks to Intezer
- adds new features to specify OS, CPU architecture, and file format
- fixes a few bugs that may have led to false negatives (missed capabilities) in older versions
- adds 80 new rules, including 36 describing techniques for Linux
A huge thanks to everyone who submitted issues, provided feedback, and contributed code and rules.
Special acknowledgement to @Adir-Shemesh and @TcM1911 of Intezer for contributing the code to enable ELF support.
Also, welcome first time contributors:
New Features
- all: add support for ELF files #700 @Adir-Shemesh @TcM1911
- rule format: add feature format: for file format, like format: pe #723 @williballenthin
- rule format: add feature arch: for architecture, like arch: amd64 #723 @williballenthin
- rule format: add feature os: for operating system, like os: windows #723 @williballenthin
- rule format: add feature substring: for verbatim strings with leading/trailing wildcards #737 @williballenthin
- scripts: add profile-memory.py for profiling memory usage #736 @williballenthin
- main: add light weight ELF file feature extractor to detect file limitations #770 @mr-tz
Breaking Changes
- rules using format, arch, os, or substring features cannot be used by capa versions prior to v3
- legacy term arch (i.e., "x32") is now called bitness @williballenthin
- freeze format gains new section for "global" features #759 @williballenthin
New Rules (80)
- collection/webcam/capture-webcam-image @johnk3r
- nursery/list-drag-and-drop-files michael.hunhoff@fireeye.com
- nursery/monitor-clipboard-content michael.hunhoff@fireeye.com
- nursery/monitor-local-ipv4-address-changes michael.hunhoff@fireeye.com
- nursery/load-windows-common-language-runtime michael.hunhoff@fireeye.com
- nursery/resize-volume-shadow-copy-storage michael.hunhoff@fireeye.com
- nursery/add-user-account-group michael.hunhoff@fireeye.com
- nursery/add-user-account-to-group michael.hunhoff@fireeye.com
- nursery/add-user-account michael.hunhoff@fireeye.com
- nursery/change-user-account-password michael.hunhoff@fireeye.com
- nursery/delete-user-account-from-group michael.hunhoff@fireeye.com
- nursery/delete-user-account-group michael.hunhoff@fireeye.com
- nursery/delete-user-account michael.hunhoff@fireeye.com
- nursery/list-domain-servers michael.hunhoff@fireeye.com
- nursery/list-groups-for-user-account michael.hunhoff@fireeye.com
- nursery/list-user-account-groups michael.hunhoff@fireeye.com
- nursery/list-user-accounts-for-group michael.hunhoff@fireeye.com
- nursery/list-user-accounts michael.hunhoff@fireeye.com
- nursery/parse-url michael.hunhoff@fireeye.com
- nursery/register-raw-input-devices michael.hunhoff@fireeye.com
- anti-analysis/packer/gopacker/packed-with-gopacker jared.wilson@fireeye.com
- host-interaction/driver/create-device-object @mr-tz
- host-interaction/process/create/execute-command @mr-tz
- data-manipulation/encryption/create-new-key-via-cryptacquirecontext chuong.dong@fireeye.com
- host-interaction/log/clfs/append-data-to-clfs-log-container blaine.stancill@mandiant.com
- host-interaction/log/clfs/read-data-from-clfs-log-container blaine.stancill@mandiant.com
- data-manipulation/encryption/hc-128/encrypt-data-using-hc-128-via-wolfssl blaine.stancill@mandiant.com
- c2/shell/create-unix-reverse-shell joakim@intezer.com
- c2/shell/execute-shell-command-received-from-socket joakim@intezer.com
- collection/get-current-user joakim@intezer.com
- host-interaction/file-system/change-file-permission joakim@intezer.com
- host-interaction/hardware/memory/get-memory-information joakim@intezer.com
- host-interaction/mutex/lock-file joakim@intezer.com
- host-interaction/os/version/get-kernel-version joakim@intezer.com
- host-interaction/os/version/get-linux-distribution joakim@intezer.com
- host-interaction/process/terminate/terminate-process-via-kill joakim@intezer.com
- lib/duplicate-stdin-and-stdout joakim@intezer.com
- nursery/capture-network-configuration-via-ifconfig joakim@intezer.com
- nursery/collect-ssh-keys joakim@intezer.com
- nursery/enumerate-processes-via-procfs joakim@intezer.com
- nursery/interact-with-iptables joakim@intezer.com
- persistence/persist-via-desktop-autostart joakim@intezer.com
- persistence/persist-via-shell-profile-or-rc-file joakim@intezer.com
- persistence/service/persist-via-rc-script joakim@intezer.com
- collection/get-current-user-on-linux joakim@intezer.com
- collection/network/get-mac-address-on-windows moritz.raabe@fireeye.com
- host-interaction/file-system/read/read-file-on-linux moritz.raabe@fireeye.com joakim@intezer.com
- host-interaction/file-system/read/read-file-on-windows moritz.raabe@fireeye.com
- host-interaction/file-system/write/write-file-on-windows william.ballenthin@fireeye.com
- host-interaction/os/info/get-system-information-on-windows moritz.raabe@fireeye.com joakim@intezer.com
- host-interaction/process/create/create-process-on-windows moritz.raabe@fireeye.com
- linking/runtime-linking/link-function-at-runtime-on-windows moritz.raabe@fireeye.com
- nursery/create-process-on-linux joakim@intezer.com
- nursery/enumerate-files-on-linux william.ballenthin@fireeye.com
- nursery/get-mac-address-on-linux joakim@intezer.com
- nursery/get-system-information-on-linux joakim@intezer.com
- nursery/link-function-at-runtime-on-linux joakim@intezer.com
- nursery/write-file-on-linux joakim@intezer.com
- communication/socket/tcp/send/obtain-transmitpackets-callback-function-via-wsaioctl jonathan.lepore@mandiant.com
- nursery/linked-against-cpp-http-library @mr-tz
- nursery/linked-against-cpp-json-library @mr-tz
Bug Fixes
- main: fix KeyError: 0 when reporting results @williballenthin #703
- main: fix potential false negatives due to namespaces across scopes @williballenthin #721
- linter: suppress some warnings about imports from ntdll/ntoskrnl @williballenthin #743
- linter: suppress some warnings about missing examples in the nursery @williballenthin #747
capa explorer IDA Pro plugin
- explorer: add additional filter logic when displaying matches by function #686 @mike-hunhoff
- explorer: remove duplicate check when saving file #687 @mike-hunhoff
- explorer: update IDA extractor to use non-canon mnemonics #688 @mike-hunhoff
- explorer: allow user to add specified number of bytes when adding a Bytes feature in the Rule Generator #689 @mike-hunhoff
- explorer: enforce max column width Features and Editor panes #691 @mike-hunhoff
- explorer: add option to limit features to currently selected disassembly address #692 @mike-hunhoff
- explorer: update support documentation and runtime checks #741 @mike-hunhoff
- explorer: small performance boost to rule generator search functionality #742 @mike-hunhoff
- explorer: add support for arch, os, and format features #758 @mike-hunhoff
- explorer: improve parsing algorithm for rule generator feature editor #768 @mike-hunhoff
Development
Raw diffs
-
-
GDB 11.1 Release.
-
[VERSION] 0.3.1.3
-
GEF 2021.10
in Software Releases
Posted
Release 2021.10 - Royal Kill
Download