capa
The FLARE team's open-source tool to identify capabilities in executable files.
### Description Got the following error: ``` loading : 100%|█████████████████████████████████████████████████████████████████████████████████████████████| 702/702 [00:00
### Checklist
- [ ] No CHANGELOG update needed
- [ ] No new tests needed
- [ ] No documentation update needed
Overwrites helper functions, see example error on loading invalid rules: ```cmd ERROR:capa:invalid rule: rules\anti-analysis\anti-debugging\debugger-detection\check-for-debugger-via-api.yml: invalid rule: unexpected statement: property Traceback (most recent call last): File "main.py", line 1018, in main...
This enhancement extends capa's functionality to the analysis of potentially malicious scripts and source code. A [tree-sitter](https://github.com/tree-sitter/tree-sitter) backend was added to parse the source files into a lightweight AST. Features...
dotnet may emit accessors/mutators (getters/setters) for some fields rather than direct field access. How do we recognize and emit these features?
Most analysts will read decompiled C# code. Can we A) create a utility to parse code segments to features (e.g. using capa-scripts portions) or B) even better allow to include...
See #939

Add support for extracting property features in capa .NET. This allows for writing rules having property features as follows: `property: System.Environment::MachineName`

### Checklist
- [x] No CHANGELOG update...
Adding a `property` feature that represents a class attribute access as discussed in #1110.
https://github.com/trailofbits/gh-action-pip-audit
Methods interact with various types, including both primitive objects (u8) and classes. Sometimes we see method/property access to the classes, which can be represented by things like `API` (and maybe...