Skip to content

Pull requests: mandiant/capa-rules

New pull request New
Clear current search query, filters, and sorts
5 Open 656 Closed
5 Open 656 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

add more APIs to remove use-process-replacement FNs
#1009 by mike-hunhoff was merged Feb 25, 2025 Loading…
Clearing Event Log with wevtapi functions
#1006 by JakePeralta7 was merged Feb 22, 2025 Loading…
6
Added related wevtapi functions
#1005 by JakePeralta7 was closed Feb 22, 2025 Loading…
1
tighten Windows mutex related rules
#1004 by mike-hunhoff was merged Feb 21, 2025 Loading…
1
add "change registry key timestamp"
#1003 by williballenthin was merged Feb 21, 2025 Loading…
1
1
additional APIs to remove FNs for inject apc
#1001 by mike-hunhoff was merged Feb 21, 2025 Loading…
use "span of calls" scope for registry operations that span multiple calls, e.g. open registry key and set value
#999 by mike-hunhoff was merged Feb 20, 2025 Loading…
2
persist via Run registry key: dynamic: thread
#995 by dhruvak001 was closed Feb 21, 2025 Loading…
1
2
https://github.com/mandiant/capa-rules/issues/974
#992 by dhruvak001 was merged Feb 4, 2025 Loading…
1
1
extend terminate-process.yml to include exit_group #970
#991 by dhruvak001 was merged Feb 4, 2025 Loading…
1
1
internal-dotnet-file-limitation.yml: make it valid for static scope too
#990 by williballenthin was merged Feb 4, 2025 Loading…
8
remove testing rule
#989 by williballenthin was merged Feb 4, 2025 Loading…
tighten scope of "link many functions at runtime" for dynamic scope
#988 by dhruvak001 was merged Feb 3, 2025 Loading…
3
remove redundant matches for dynamic scope
#987 by mike-hunhoff was merged Feb 4, 2025 Loading…
6
fix scope issues identified by new lint pass
#986 by williballenthin was merged Jan 29, 2025 Loading…
1
reduce fps for self-delete.yml
#985 by mike-hunhoff was merged Jan 29, 2025 Loading…
remove duplicate features from some rules
#984 by vibhatsu29 was merged Jan 28, 2025 Loading…
5
add dotnet limitation rule for dynamic samples
#983 by vibhatsu29 was merged Feb 4, 2025 Loading…
8
New rules: RSA & bigint
#982 by Ana06 was merged Jan 21, 2025 Loading…
1
@Ana06
10
Add CONTRIBUTING file & update ISSUE TEMPLATES
#980 by Ana06 was merged Jan 15, 2025 Loading…
update create-process-suspended to include DEBUG_ONLY_THIS_PROCESS
#978 by mike-hunhoff was merged Jan 7, 2025 Loading…
2
use "span of calls" scope
#973 by williballenthin was merged Jan 29, 2025 Loading…
8
tmp: update to newscope (placeholder)
#972 by mr-tz was closed Dec 18, 2024 Loading…
1
extend rule features and rename
#969 by mr-tz was merged Dec 3, 2024 Loading…
1
6
enable namespace
#963 by mr-tz was merged Nov 19, 2024 Loading…
1
ProTip! Type g p on any issue or pull request to go back to the pull request listing page.