capa/CHANGELOG.md
2020-08-05 08:20:34 -06:00

Change Log

v1.1.0 (2020-08-05)

This release brings new rule format updates, such as adding offset/x32 and negative offsets, fixes some bugs identified by the community, and 28 (!) new rules. We received contributions from eight reverse engineers, including four new ones:

  • @re-fox
  • @psifertex
  • @bitsofbinary
  • @threathive

Download a standalone binary below and check out the readme here on GitHub. Report issues on our issue tracker and contribute new rules at capa-rules.

New features

  • import: add Binary Ninja import script #205 #207 @psifertex
  • rules: offsets can be negative #197 #208 @williballenthin
  • rules: enable descriptions for statement nodes #194 #209 @Ana06
  • rules: add arch flavors to number and offset features #210 #216 @williballenthin
  • render: show SHA1/SHA256 in default report #164 @threathive
  • tests: add tests for IDA Pro backend #202 @williballenthin

New rules

  • check for unmoving mouse cursor @BitsOfBinary
  • check mutex and exit @re-fox
  • parse credit card information @re-fox
  • read ini file @re-fox
  • validate credit card number with luhn algorithm @re-fox
  • change the wallpaper @re-fox
  • acquire debug privileges @williballenthin
  • import public key @williballenthin
  • terminate process by name @williballenthin
  • encrypt data using DES @re-fox
  • encrypt data using DES via WinAPI @re-fox
  • hash data using sha1 via x86 extensions @re-fox
  • hash data using sha256 via x86 extensions @re-fox
  • capture network configuration via ipconfig @re-fox
  • hash data via WinCrypt @mike-hunhoff
  • get file attributes @mike-hunhoff
  • allocate thread local storage @mike-hunhoff
  • get thread local storage value @mike-hunhoff
  • set thread local storage @mike-hunhoff
  • get session integrity level @mike-hunhoff
  • add file to cabinet file @mike-hunhoff
  • flush cabinet file @mike-hunhoff
  • open cabinet file @mike-hunhoff
  • gather firefox profile information @re-fox
  • encrypt data using skipjack @re-fox
  • encrypt data using camellia @re-fox
  • hash data using tiger @re-fox
  • encrypt data using blowfish @re-fox
  • encrypt data using twofish @re-fox

Bug fixes

  • linter: fix exception when examples is None @Ana06
  • linter: fix suggested recommendations via templating @williballenthin
  • render: fix exception when rendering counts @williballenthin
  • render: fix render of negative offsets @williballenthin
  • extractor: fix segmentation violation from vivisect @williballenthin
  • main: fix crash when .viv cannot be saved #168 @secshoggoth @williballenthin
  • main: fix shellcode .viv save path @williballenthin

Changes

  • doc: explain how to bypass Gatekeeper on macOS @psifertex
  • doc: explain supported Linux distributions @Ana06
  • doc: explain submodule update with --init @psifertex
  • main: improve program help output @mr-tz
  • main: disable progress when run in quiet mode @mr-tz
  • main: assert supported IDA versions @mr-tz
  • extractor: better identify nested pointers to strings @williballenthin
  • setup: specify vivisect download url @Ana06
  • setup: pin vivisect version @williballenthin
  • setup: bump vivisect dependency version @williballenthin
  • setup: set Python project name to flare-capa @williballenthin
  • ci: run tests and linter via GitHub Actions @Ana06
  • hooks: run style checkers and hide stashed output @Ana06
  • linter: ignore period in rule filename @williballenthin
  • linter: warn on nursery rule with no changes needed @williballenthin
