Posts by MBot
- What's New
- Change History
- Installation Guide
- SHA-256: 63833361bea8ef5ada1bc28cd2aa2ae4ab43204d2672b595500372582152eebe
-
submodules: Bump outdated
-
capa v6.1.0 is a bug fix release, most notably fixing unhandled exceptions in the capa explorer IDA Pro plugin. @Aayush-Goel-04 put a lot of effort into improving code quality and adding a script for rule authors. The script shows which features are present in a sample but not referenced by any existing rule. You could use this script to find opportunities for new rules.
Speaking of new rules, we have eight additions, coming from Ronnie, Jakub, Moritz, Ervin, and still@teamt5.org!
New Features
- ELF: implement import and export name extractor #1607 #1608 @Aayush-Goel-04
- bump pydantic from 1.10.9 to 2.1.1 #1582 @Aayush-Goel-04
- develop script to highlight features not used during matching #331 @Aayush-Goel-04
New Rules (8)
- executable/pe/export/forwarded-export ronnie.salomonsen@mandiant.com
- host-interaction/bootloader/get-uefi-variable jakub.jozwiak@mandiant.com
- host-interaction/bootloader/set-uefi-variable jakub.jozwiak@mandiant.com
- nursery/enumerate-device-drivers-on-linux @mr-tz
- anti-analysis/anti-vm/vm-detection/check-for-foreground-window-switch ervin.ocampo@mandiant.com
- linking/static/sqlite3/linked-against-cppsqlite3 still@teamt5.org
- linking/static/sqlite3/linked-against-sqlite3 still@teamt5.org
Modified rules (9)
- anti-analysis/anti-forensic/self-deletion/self-delete.yml
- collection/browser/gather-chrome-based-browser-login-information.yml
- collection/browser/gather-firefox-profile-information.yml
- data-manipulation/encoding/base64/decode-data-using-base64-via-dword-translation-table.yml
- host-interaction/process/inject/free-user-process-memory.yml
- lib/get-os-version.yml
- nursery/deserialize-json-in-dotnet.yml
- nursery/serialize-json-in-dotnet.yml
- persistence/authentication-process/act-as-credential-manager-dll.yml
Renamed rules (1)
Bug Fixes
- rules: fix forwarded export characteristic #1656 @RonnieSalomonsen
- Binary Ninja: Fix stack string detection #1473 @xusheng6
- linter: skip native API check for NtProtectVirtualMemory #1675 @williballenthin
- OS: detect Android ELF files #1705 @williballenthin
- ELF: fix parsing of symtab #1704 @williballenthin
- result document: don't use deprecated pydantic functions #1718 @williballenthin
- pytest: don't mark IDA tests as pytest tests #1719 @williballenthin
capa explorer IDA Pro plugin
- fix unhandled exception when resolving rule path #1693 @mike-hunhoff
Raw diffs
-
Changelog: 2023.08 - Disguised Wedding
Important Note
GEF and GEF-Extras have both moved to using the main branch as the default. Therefore if you contribute to the code, make sure your PRs are made against the main branch.
Highlights of Disguised Wedding
- Fix typo in docs by @bkrl in #949
- Remove outdated sentence in docs by @bkrl in #948
- [docs] Regenerating api/gef.md by @hugsy in #951
- add nopi command, it patches full instructions by @therealdreg in #959
- nop: Fix off-by-one in unmap check by @Grazfather in #960
- Wrap docs by @Grazfather in #962
- add skipi command by @therealdreg in #964
- add site/ directory generated by mkdocs to .gitignore by @therealdreg in #968
- add new nop command features by @therealdreg in #967
- nop: Add force req when not already --f by @Grazfather in #970
- Small cleanup - sets by @Grazfather in #972
- Restore autosave_breakpoints_file behavior by @hugsy in #969
- Fix hardcoded NOP instructions for ARM/AARCH64 by @hugsy in #971
- reformat README by @Grazfather in #976
- Minor additions to the documentation by @hugsy in #975
- [Docs] Added linting for markdown files by @hugsy in #977
- fix issue link by @therealdreg in #979
- under license mit -> under mit license by @therealdreg in #980
- [CI] Upgrade notification actions by @hugsy in #981
- Restore main as the default branch by @hugsy in #983
- Switch dev refs to main by @hugsy in #982
- Setup pre-commit for GEF by @hugsy in #984
- add debugging instructions by @therealdreg in #985
- add forbidden words checks to coverage action by @therealdreg in #991
- [CI] Use pull_request_target for coverage trigger by @hugsy in #990
- Fix context regs regression that broke reg order by @Grazfather in #993
- Added docs to debug using VSCode by @hugsy in #995
Contributors
Author / Number of commits
- hugsy: 13
- Dreg: 8
- Grazfather: 6
- Alexander Zhang: 2
New Contributors
Closed Issues
Closed Pull Requests
- 25 PRs closed ( 995 • 993 • 992 • 991 • 990 • 989 • 988 • 987 • 985 • 984 • 983 • 982 • 981 • 980 • 979 • 977 • 976 • 975 • 972 • 971 • 970 • 969 • 968 • 967 • 966 )
Commit details
44 commits since 2023.06
Commit log
- 2023-04-22 a6f4cc1 • Alexander Zhang • Fix typo in docs (#949)
- 2023-04-24 ac73217 • crazy hugsy • [ci] coverage use dedicated token
- 2023-04-25 102288f • Alexander Zhang • Update sentence about Python version in docs (#948)
- 2023-05-27 91f4d70 • crazy hugsy • [docs] Regenerating api/gef.md (#951)
- 2023-05-29 0fd751e • crazy hugsy • Update README.md
- 2023-07-13 74e8626 • Dreg • Update nop command to patch entire instructions (#959)
- 2023-07-13 ca7418c • Grazfather • nop: Fix off-by-one in unmap check (#960)
- 2023-07-18 7fd94ab • Grazfather • Wrap docs (#962)
- 2023-07-19 577ad02 • Dreg • Add skipi command to skip N instructions (#964)
- 2023-07-21 b2d3edc • crazy hugsy • Update coverage.yml
- 2023-07-21 b0f4fa9 • Dreg • add site/ directory generated by mkdocs to .gitignore (#968)
- 2023-07-21 99c59a9 • Dreg • adjust the behavior (and options) for the nop command (#967)
- 2023-07-21 9170ac0 • Grazfather • nop: Add force req when not already --f (#970)
- 2023-07-22 81ee52d • Grazfather • Small cleanup - sets (#972)
- 2023-07-22 e529fbc • crazy hugsy • Restore autosave_breakpoints_file behavior (#969)
- 2023-07-22 0461d6f • crazy hugsy • Fix hardcoded NOP instructions for ARM/AARCH64 (#971)
- 2023-07-30 27a29d9 • Grazfather • Reformat README (#976)
- 2023-07-31 b57e174 • crazy hugsy • Minor additions to the documentation (#975)
- 2023-08-01 5e23739 • crazy hugsy • [Docs] Added linting for markdown files (#977)
- 2023-08-02 ea7ed49 • Dreg • Fix link in testing docs (#979)
- 2023-08-02 51804c8 • Dreg • Fixed phrasing in docs (#980)
- 2023-08-05 a825c84 • crazy hugsy • [ci] Upgrade notification actions (#981)
- 2023-08-06 8f0f444 • crazy hugsy • Restore main as the default branch (#983)
- 2023-08-07 878cbf2 • crazy hugsy • Switch dev refs to main (#982)
- 2023-08-07 7c170cf • crazy hugsy • Setup pre-commit for GEF (#984)
- 2023-08-14 d27efd3 • Dreg • Add debugging instructions (#985)
- 2023-08-16 371f273 • Dreg • [CI] Add forbidden words checks to coverage action (#991)
- 2023-08-16 67c363d • crazy hugsy • [CI] Use pull_request_target for coverage trigger (#990)
- 2023-08-16 9f79363 • Grazfather • Fix context regs regression that broke reg order (#993)
- 2023-08-20 7856b70 • hugsy • Added docs to debug using VSCode
- 2023-08-20 cc3b0ca • hugsy • Fixed un-ended comment tag in pr_template md file
File diff
.editorconfig | 3 +
.github/CONTRIBUTING.md | 33 +-
.github/FUNDING.yml | 1 -
.github/ISSUE_TEMPLATE/bug_report.yaml | 6 +-
.github/PULL_REQUEST_TEMPLATE.md | 31 +-
.github/stale.yml | 2 +-
.github/workflows/coverage.yml | 68 +-
.github/workflows/docs-link-check.yml | Bin 998 -> 0 bytes
.github/workflows/generate-docs.yml | 1 -
.../workflows/{discord-notify.yml => notify.yml} | 55 +-
.github/workflows/run-tests.yml | 7 -
.github/workflows/validate.yml | 31 +
.gitignore | 1 +
.pre-commit-config.yaml | 25 +
LICENSE | 2 +-
README.md | 100 +-
docs/.markdownlint.yaml | 256 +
docs/api.md | 131 +-
docs/api/gef.md | 23212 +++++++++++++++++++
docs/commands/aliases.md | 42 +-
docs/commands/aslr.md | 15 +-
docs/commands/canary.md | 10 +-
docs/commands/checksec.md | 12 +-
docs/commands/config.md | 39 +-
docs/commands/context.md | 193 +-
docs/commands/dereference.md | 44 +-
docs/commands/edit-flags.md | 22 +-
docs/commands/elf-info.md | 11 +-
docs/commands/entry-break.md | 18 +-
docs/commands/eval.md | 8 +-
docs/commands/format-string-helper.md | 25 +-
docs/commands/functions.md | 33 +-
docs/commands/gef-remote.md | 61 +-
docs/commands/gef.md | 77 +-
docs/commands/got.md | 16 +-
docs/commands/heap-analysis-helper.md | 55 +-
docs/commands/heap.md | 171 +-
docs/commands/help.md | 2 +-
docs/commands/hexdump.md | 29 +-
docs/commands/highlight.md | 24 +-
docs/commands/hijack-fd.md | 15 +-
docs/commands/ksymaddr.md | 10 +-
docs/commands/memory.md | 45 +-
docs/commands/name-break.md | 26 +-
docs/commands/nop.md | 64 +-
docs/commands/patch.md | 2 +-
docs/commands/pattern.md | 42 +-
docs/commands/pcustom.md | 108 +-
docs/commands/pie.md | 67 +-
docs/commands/print-format.md | 22 +-
docs/commands/process-search.md | 32 +-
docs/commands/process-status.md | 8 +-
docs/commands/registers.md | 13 +-
docs/commands/reset-cache.md | 2 +-
docs/commands/scan.md | 22 +-
docs/commands/search-pattern.md | 41 +-
docs/commands/shellcode.md | 9 +-
docs/commands/skipi.md | 18 +
docs/commands/stub.md | 29 +-
docs/commands/theme.md | 30 +-
docs/commands/tmux-setup.md | 37 +-
docs/commands/trace-run.md | 16 +-
docs/commands/version.md | 15 +-
docs/commands/vmmap.md | 13 +-
docs/commands/xfiles.md | 6 +-
docs/commands/xinfo.md | 15 +-
docs/commands/xor-memory.md | 32 +-
docs/compat.md | 8 +-
docs/config.md | 25 +-
docs/debugging.md | 131 +
docs/deprecated.md | 27 +-
docs/faq.md | 179 +-
docs/functions/base.md | 11 +-
docs/functions/bss.md | 8 +-
docs/functions/got.md | 8 +-
docs/functions/heap.md | 8 +-
docs/functions/stack.md | 9 +-
docs/index.md | 88 +-
docs/install.md | 84 +-
docs/obsolete/docs/index.md | 1 -
docs/screenshots.md | 23 +-
docs/testing.md | 34 +-
gef.py | 223 +-
mkdocs.yml | 4 +-
scripts/gef-extras.sh | 2 +-
scripts/gef.sh | 5 -
scripts/generate-api-docs.sh | 2 +-
scripts/vscode_debug.py | 7 +
tests/api/deprecated.py | 1 -
tests/api/gef_heap.py | 1 -
tests/api/misc.py | 2 +-
tests/binaries/nested.c | 2 +-
tests/binaries/nested2.c | 2 +-
tests/commands/functions.py | 1 -
tests/commands/gef.py | 1 -
tests/commands/gef_remote.py | 1 -
tests/commands/got.py | 1 -
tests/commands/heap.py | 1 -
tests/commands/heap_analysis.py | 1 -
tests/commands/hexdump.py | 3 -
tests/commands/name_break.py | 1 -
tests/commands/nop.py | 278 +-
tests/commands/pattern.py | 1 -
tests/commands/pie.py | 1 -
tests/commands/process_status.py | 2 -
tests/commands/registers.py | 1 -
tests/commands/reset_cache.py | 2 -
tests/commands/scan.py | 1 -
tests/commands/search_pattern.py | 6 +-
tests/commands/skipi.py | 62 +
tests/commands/stub.py | 2 +-
tests/config/__init__.py | 1 -
tests/requirements.txt | 1 +
113 files changed, 25567 insertions(+), 1307 deletions(-)
-
What's Changed
- fix(github workflow) deprecated set-output and docker/build-push-action by @LordNoteworthy in #412
- feat (services) post-processor to include first_seen when it's absent by @LordNoteworthy in #413
- feat: add loki-stack chart for log aggregation by @LordNoteworthy in #414
- fix(storage): guarantee sequential write in s3 download by @LordNoteworthy in #415
- fix: Set the nsq config maxInFlight to the same # of goroutines by @LordNoteworthy in #416
- fix(services): increase multi-av scan timeout and nsq msg timeout by @LordNoteworthy in #417
- doc: add documentation how to use compose to develop in the codebase by @LordNoteworthy in #418
- feat: make pulling image containers more generic from private registries by @LordNoteworthy in #419
- feat: externalize multi-av scan timeout by @LordNoteworthy in #420
- helm: populate multiav default values for scanTimeout and logLevel by @LordNoteworthy in #421
- feat: change multiav scan timeout from an int (seconds) to duration (string) by @LordNoteworthy in #427
- chore(helm): fix _helpers template by @LordNoteworthy in #428
- chore(helm): default values for new config entries in web apis by @LordNoteworthy in #429
- fix(services): set the status for task progress by @LordNoteworthy in #431
- fix(helm): webapis extra cors origins + new UI by @LordNoteworthy in #432
- fix: update compose to match new UI env vars & bump go to v1.18 by @LordNoteworthy in #433
- feat: Create a summary of behavior activities in sandbox by @LordNoteworthy in #435
- chore(deps): bump google.golang.org/grpc from 1.52.0 to 1.53.0 by @dependabot in #437
- feat(sandbox): append process ID to system events and make events an array instead of an object by @LordNoteworthy in #438
- feat(sandbox): scanning artifacts with Yara by @LordNoteworthy in #439
- feat(sandbox): store process tree data by @LordNoteworthy in #441
- increase gRPC msg size + fix timeout fmt + artifacts length by @LordNoteworthy in #442
- feat: store big byte* API parameters to object storage by @LordNoteworthy in #443
Full Changelog: v0.4.0...v0.5.0
-
This is the second development build after the Windows Package Manager 1.6 build for Windows 10 (1809+) and Windows 11. This build will be released to Windows Insider Dev builds and Windows Package Manager Insiders.
Experimental features are enabled in this release. The experimental feature for the winget download command is now supported and included in this release. You can now specify the package installer you want to download locally. Run winget features to see which experimental features are enabled or disabled. Add the following to your settings (winget settings) file to enable experimental features such as WinGet download:
    "experimentalFeatures": {
        "dependencies": true,
        "directMSI": true,
        "configuration": true,
        "windowsFeature": true,
        "download": true
    },
Windows Package Manager also includes Winget configuration, which automatically handles the setup and configuration requirements for an ideal development environment on your Windows machine. WinGet configuration file helps with installing and managing software packages, applications, programming languages, frameworks, tools, or settings necessary for a project.
Check out our session at Microsoft Build to learn how to get your machine to a ready-to-code state.
A prerelease version of the Microsoft.WinGet.Client PowerShell module has been published to the PowerShell Gallery and will no longer be included as a release asset. To install the latest version of the PowerShell module, run the following command in PowerShell 7+.
Install-Module -Name Microsoft.WinGet.Client
The PowerShell module requires App Installer (winget) to be installed. The Repair-WinGetPackageManager cmdlet (work in progress) is designed to install or repair App Installer.
What's Changed
- Create SUPPORT.md by @denelon in #3340
- Update README.md by @denelon in #3341
- Update README.md by @mdanish-kh in #3342
- Fix for onboarding to GitOps.ResourceManagement by @Trenly in #3350
- Onboarding to GitOps.ResourceManagement by @microsoft-github-policy-service in #3347
- #2874: Fix for error git submodule status: fatal no submodule mapping… by @gigi81 in #3305
- Move GitOps rules to their own files by @Trenly in #3352
- Fix Component Governance alerts by @msftrubengu in #3355
- Add Breaking-Change label to comment triggers by @Trenly in #3357
- Respect Group Policies for sources by @florelis in #3367
- Stub upgrade self by @msftrubengu in #3299
- Refresh process path variable when installing package dependencies by @ryfu-msft in #3296
- Network troubleshooting by @denelon in #3389
- Microsoft.WinGet.Configuration samples by @msftrubengu in #3369
- Support for out of process configuration clients by @JohnMcPMS in #3363
- Force close sandbox server upon timeout by @yao-msft in #3392
- Relax InstallationNotes max length by @yao-msft in #3397
- Fix wingetutil nuget publish pipeline by @yao-msft in #3396
- Improve packaged test log collection and fix crash by @JohnMcPMS in #3395
- Do not attempt post install ARP correlation if PackageFamilyName is provided and present for the user by @JohnMcPMS in #3391
- Support winget installing AppInstaller by @msftrubengu in #3377
- configure test command "implemented" by @JohnMcPMS in #3414
- Disable RTTI by @JohnMcPMS in #3422
- Explicitly close file stream on FileLogger destruction by @yao-msft in #3424
- Add configuration binaries to binskim scan and fix issues by @yao-msft in #3426
- Build fixes by @msftrubengu in #3433
- Fix using expired cert in tests by @msftrubengu in #3435
- Repair-WinGetPackageManager improvements by @msftrubengu in #3423
- Download command by @ryfu-msft in #3376
- Add initial version of yaml manifest 1.6 by @yao-msft in #3449
- Configure validate command by @JohnMcPMS in #3441
- Add missing definitions to release builds by @msftrubengu in #3450
- Populate missing ManifestVersion for manifest from rest source and make PackageFamilyName and installer type manifest validation warning by @yao-msft in #3460
- Add file logger to the statics object creation by @JohnMcPMS in #3451
- Skip stub packages for msix installer validation by @yao-msft in #3468
- Upgrade 1.6 schema to 2020-12 by @Trenly in #3478
- Allow --include-unknown in list --upgrade-available by @florelis in #3473
- Simplify creating local index by @msftrubengu in #3445
- Move functions to cmdlets for Microsoft.WinGet.Client by @msftrubengu in #3469
- Generate manifest for Winget Download by @ryfu-msft in #3448
- Implement DownloadCommandProhibited by @yao-msft in #3487
- Fix Component Governance issue with System.Security.Cryptography.Xml by @yao-msft in #3495
- Revert "Down sampling (#2950)" by @JohnMcPMS in #3511
- Move Microsoft.WinGet.Client E2E test to Pester framework by @msftrubengu in #3503
- Don't copy processor's output binaries by @msftrubengu in #3526
- Attempt to prevent crash in TelemetryTraceLogger::InitializeInternal() by @florelis in #3527
New Contributors
- @microsoft-github-policy-service made their first contribution in #3347
- @gigi81 made their first contribution in #3305
Full Changelog: v1.6.1573-preview...v1.6.2291-preview
-
This release is the third stable release of Windows Package Manager 1.5 for Windows 10 (1809+) and Windows 11.
This release contains a minor servicing fix to revert an issue with down sampling telemetry as well as populating the manifest version for rest source manifests.
The Microsoft.WinGet.Client PowerShell module has been published to the PowerShell Gallery.
Experimental features have been disabled in this release. We will follow this release with another preview release build at GitHub so users can continue with experimental features available.
What's Changed
- Revert "Down sampling (#2950)" by @JohnMcPMS in #3511
- Populate missing ManifestVersion for manifest from rest source and ma… by @yao-msft in #3474
Full Changelog: release-v1.5.1881...release-v1.5.2201
-
Please see the file NEWS for a detailed list of changes.
Note: all versions are functionally equivalent, i.e. each version can handle all executable formats, so you only need the file that runs on your host OS.
Security/VirusTotal links are listed in the pinned issue #437
Asset / File: Description / Host OS
- upx-4.1.0-amd64_linux.tar.xz: UPX - Linux version
- upx-4.1.0-arm64_linux.tar.xz: UPX - Linux version
- upx-4.1.0-armeb_linux.tar.xz: UPX - Linux version
- upx-4.1.0-arm_linux.tar.xz: UPX - Linux version
- upx-4.1.0-dos.zip: UPX - DOS version
- upx-4.1.0-i386_linux.tar.xz: UPX - Linux version
- upx-4.1.0-mipsel_linux.tar.xz: UPX - Linux version
- upx-4.1.0-mips_linux.tar.xz: UPX - Linux version
- upx-4.1.0-powerpc64le_linux.tar.xz: UPX - Linux version
- upx-4.1.0-powerpc_linux.tar.xz: UPX - Linux version
- upx-4.1.0-src.tar.xz: UPX - source code tarball
- upx-4.1.0-win32.zip: UPX - X86 Win32 version
- upx-4.1.0-win64.zip: UPX - X64 Win64 version
-
-
ILSpy 8.x is based on .NET 6.0 compared to .NET Framework 4.7.2 for the previous generations of ILSpy. All artifacts except the self-contained distribution are built framework-dependent, which means .NET 6.0.2 must be installed prior to starting ILSpy.
New Language Features
- C# 11 checked operators
- C# 11 unsigned right shift operator
- C# 11 UTF8 string literals
- C# 11 numeric IntPtr
- C# 11 ref fields and scoped
- mcs 2.6.4 pinned regions
- Updated pattern-detection for Roslyn 4.6.0
Contributions
- Copy clipboard with full syntax-highlighting (#3045 by @ltrzesniewski)
- Fix sequence-points on expression-bodied members (#3032 by @KirillOsenkov)
- Fix annotations on nested type references (#3030 by @ltrzesniewski)
- Add clipboard-related context menu to resources tables (#3024 by @miloush)
- Fix decompilation of record with missing base type (#3021 by @andrewcrawley)
- Add support for mcs 2.6.4 pinned regions (#3015 by @ElektroKill)
- Improvements in CustomDebugInformation metadata table (#2799 by @fowl2)
- Fix ArgumentOutOfRangeException on unexpected file in GAC (#2960 by @ificator)
- Support for compound-assignments on pointers (by @ElektroKill)
- Added a search box for resource tables (by @miloush)
Enhancements
- Default update check for dotnet tool ilspycmd (#3035). Use --disable-updatecheck in automation scenarios.
- VS 2022 extension ships with both x64 and ARM64 binaries (#3009)
- Added ARM64 binaries and ARM64 installer downloads
- WholeProjectDecompiler: Improve resources -> resx conversion
- Improve decompilation of compound-assignments involving local variables
- Refactor ILReader to support re-imports of basic blocks (#901)
Bug fixes
- #2891: Populate framework_dirs with the correct values depending on the current host runtime.
And many other fixes, for a full list click here.
-
-
Far too many small improvements across the last 3 years to list!
Thanks to all contributors!
As with previous releases, unfortunately, the automatically generated .zip and .tar.gz files that github generates don't include sub-modules. So please use the edb-debugger-1.4.0.tgz tarball that I've attached, which should have included all submodules needed for compilation.
-
Official GNU Binutils 2.41 release
-
Release 0.60.1
-
Release 0.60.0
-
Please see the file CHANGELOG for a detailed list of changes.
Asset / File: Description / Host OS
- die_sourcecode_3.08.tar.gz: Source code tarball
- Detect_It_Easy-3.08-x86_64.AppImage: Portable version for Linux (How to run)
- die_3.08_Debian_10_amd64.deb: Installer for Debian 10
- die_3.08_Debian_11_amd64.deb: Installer for Debian 11
- die_3.08_Debian_12_amd64.deb: Installer for Debian 12
- die_3.08_Ubuntu_14.04_amd64.deb: Installer for Ubuntu 14.04
- die_3.08_Ubuntu_16.04_amd64.deb: Installer for Ubuntu 16.04
- die_3.08_Ubuntu_18.04_amd64.deb: Installer for Ubuntu 18.04
- die_3.08_Ubuntu_20.04_amd64.deb: Installer for Ubuntu 20.04
- die_3.08_Ubuntu_22.04_amd64.deb: Installer for Ubuntu 22.04
- die_3.08_Ubuntu_22.10_amd64.deb: Installer for Ubuntu 22.10
- die_3.08_Ubuntu_23.04_amd64.deb: Installer for Ubuntu 23.04
- die_3.08_portable_Ubuntu_20.04_amd64.tar.gz: Portable version for Ubuntu 20.04
- detect-it-easy-3.08-1-x86_64.pkg.tar.zst: Installer for Arch Linux
- die_mac_3.08_x86_64.pkg: Installer for macOS
- die_mac_qt6_3.08_arm64.pkg: Installer for macOS Qt6 M1 processor
- die_mac_portable_3.08_x86_64.zip: Portable version for macOS
- die_win32_portable_3.08_x86.zip: Portable version for x86 Win32 (Win7-Win11)
- die_win64_portable_3.08_x64.zip: Portable version for x64 Win64 (Win7-Win11)
- die_winxp_portable_3.08_x86.zip: Portable version for Windows XP (WinXP-Win11)
Experimental versions - There may be bugs in the GUI
Asset / File: Description / Host OS
- die_win64_qt6_portable_3.08_x64.zip: Portable version for x64 Win64 Qt6 (Win10-Win11)
-
v6.0.0
capa v6.0 brings many bug fixes and quality improvements, including 64 rule updates and 26 new rules. We're now publishing to PyPI via Trusted Publishing and have migrated to using a pyproject.toml file. @Aayush-Goel-04 contributed a lot of new code across many files, so please welcome them to the project, along with @anders-v @crowface28 @dkelly2e @RonnieSalomonsen and @ejfocampo as first-time rule contributors!
For those that use capa as a library, we've introduced some limited breaking changes that better represent data types (versus less-structured data like dictionaries and strings). With the recent deprecation, we've also dropped support for Python 3.7.
New Features
- add script to detect feature overlap between new and existing capa rules #1451 @Aayush-Goel-04
- extract forwarded exports from PE files #1624 @williballenthin
- extract function and API names from ELF symtab entries @yelhamer mandiant/capa-rules#736
- use fancy box drawing characters for default output #1586 @williballenthin
Breaking Changes
- use a class to represent Metadata (not dict) #1411 @Aayush-Goel-04 @manasghandat
- use pathlib.Path to represent file paths #1534 @Aayush-Goel-04
- Python 3.8 is now the minimum supported Python version #1578 @williballenthin
- Require a Contributor License Agreement (CLA) for PRs going forward #1642 @williballenthin
New Rules (26)
- load-code/shellcode/execute-shellcode-via-windows-callback-function ervin.ocampo@mandiant.com jakub.jozwiak@mandiant.com
- nursery/execute-shellcode-via-indirect-call ronnie.salomonsen@mandiant.com
- data-manipulation/encryption/aes/encrypt-data-using-aes-mixcolumns-step @mr-tz
- linking/static/aplib/linked-against-aplib still@teamt5.org
- communication/mailslot/read-from-mailslot nick.simonian@mandiant.com
- nursery/hash-data-using-sha512managed-in-dotnet jonathanlepore@google.com
- nursery/compiled-with-exescript jonathanlepore@google.com
- nursery/check-for-sandbox-via-mac-address-ouis-in-dotnet jonathanlepore@google.com
- host-interaction/hardware/enumerate-devices-by-category @mr-tz
- host-interaction/service/continue-service @mr-tz
- host-interaction/service/pause-service @mr-tz
- persistence/exchange/act-as-exchange-transport-agent jakub.jozwiak@mandiant.com
- host-interaction/file-system/create-virtual-file-system-in-dotnet jakub.jozwiak@mandiant.com
- compiler/cx_freeze/compiled-with-cx_freeze @mr-tz jakub.jozwiak@mandiant.com
- communication/socket/create-vmci-socket jakub.jozwiak@mandiant.com
- persistence/office/act-as-excel-xll-add-in jakub.jozwiak@mandiant.com
- persistence/office/act-as-office-com-add-in jakub.jozwiak@mandiant.com
- persistence/office/act-as-word-wll-add-in jakub.jozwiak@mandiant.com
- anti-analysis/anti-debugging/debugger-evasion/hide-thread-from-debugger michael.hunhoff@mandiant.com jakub.jozwiak@mandiant.com
- host-interaction/memory/create-new-application-domain-in-dotnet jakub.jozwiak@mandiant.com
- host-interaction/gui/switch-active-desktop jakub.jozwiak@mandiant.com
- host-interaction/service/query-service-configuration @mr-tz
- anti-analysis/anti-av/patch-event-tracing-for-windows-function jakub.jozwiak@mandiant.com
- data-manipulation/encoding/xor/covertly-decode-and-write-data-to-windows-directory-using-indirect-calls dan.kelly@mandiant.com
- linking/runtime-linking/resolve-function-by-brute-ratel-badger-hash jakub.jozwiak@mandiant.com
Bug Fixes
- extractor: add a Binary Ninja test that asserts its version #1487 @xusheng6
- extractor: update Binary Ninja stack string detection after the new constant outlining feature #1473 @xusheng6
- extractor: update vivisect Arch extraction #1334 @mr-tz
- extractor: avoid Binary Ninja exception when analyzing certain files #1441 @xusheng6
- symtab: fix struct.unpack() format for 64-bit ELF files @yelhamer
- symtab: safeguard against ZeroDivisionError for files containing a symtab with a null entry size @yelhamer
- improve ELF strtab and needed parsing @mr-tz
- better handle exceptional cases when parsing ELF files #1458 @Aayush-Goel-04
- improved testing coverage for Binary Ninja backend #1446 @Aayush-Goel-04
- add logging and print redirect to tqdm for capa main #749 @Aayush-Goel-04
- extractor: fix binja installation path detection does not work with Python 3.11
- tests: refine the IDA test runner script #1513 @williballenthin
- output: don't leave behind traces of progress bar @williballenthin
- import-to-ida: fix bug introduced with JSON report changes in v5 #1584 @williballenthin
- main: don't show spinner when emitting debug messages #1636 @williballenthin
capa explorer IDA Pro plugin
Development
- update ATT&CK/MBC data for linting #1568 @mr-tz
- log time taken to analyze each function #1290 @williballenthin
- tests: make fixture available via conftest.py #1592 @williballenthin
- publish via PyPI trusted publishing #1491 @williballenthin
- migrate to pyproject.toml #1301 @williballenthin
- use pre-commit to invoke linters #1579 @williballenthin
Raw diffs
-
submodules: Bump outdated
-
- What's New
- Change History
- Installation Guide
- SHA-256: a658677a87d0be12ab65bd7962f471875b81a2dd2ea35d69cc3201555ca1bd6f
-
submodules: Bump outdated
-
This release is the second stable release of Windows Package Manager 1.5 for Windows 10 (1809+) and Windows 11.
This release contains a minor servicing fix to improve the ARP correlation experience as well as increasing the maximum length of the installation notes.
The Microsoft.WinGet.Client PowerShell module has been published to the PowerShell Gallery.
Experimental features have been disabled in this release. We will follow this release with another preview release build at GitHub so users can continue with experimental features available.
What's Changed
- Do not attempt post install ARP correlation if PackageFamilyName is provided and present for the user by @JohnMcPMS in #3391
- Relax InstallationNotes max length by @yao-msft in #3397
Full Changelog: release-v1.5.1572...release-v1.5.1881
Windows Package Manager 1.6.2482
in Software Releases
Posted
This release represents our first Windows Package Manager 1.6 release candidate build for Windows 10 (1809+), and Windows 11. Experimental features have been disabled in this release.
The winget configure command is now a stable feature and can be used to automatically handle the setup and configuration requirements for an ideal development environment on your Windows machine. Applying a WinGet configuration file helps with installing and managing software packages, applications, programming languages, frameworks, tools, or settings necessary for a project. You can also use the winget download command to download a package installer to your local machine. Support for package dependencies and enabling Windows Features are also included in this stable release.
Features
- winget download #658
Bugs
What's Changed
- Allow --include-unknown in list --upgrade-available by @florelis in #3473
- Attempt to prevent crash in TelemetryTraceLogger::InitializeInternal() by @florelis in #3527
- --Installer-Type argument for commands by @ryfu-msft in #3516
New Contributors
Full Changelog: v1.5.1572...v1.6.2482
Download