6 Pull requests merged by 3 people

• add more APIs to remove use-process-replacement FNs

  #1009 merged Feb 25, 2025

• Clearing Event Log with wevtapi functions

  #1006 merged Feb 22, 2025

• tighten Windows mutex related rules

  #1004 merged Feb 21, 2025

• add "change registry key timestamp"

  #1003 merged Feb 21, 2025

• additional APIs to remove FNs for inject apc

  #1001 merged Feb 21, 2025

• use "span of calls" scope for registry operations that span multiple calls, e.g. open registry key and set value

  #999 merged Feb 20, 2025

1 Pull request opened by 1 person

• Improve Screenshot Detection by Modifying capture-screenshot.yml

  #1007 opened Feb 24, 2025

2 Issues closed by 2 people

• registry timestomping

  #1000 closed Feb 21, 2025

• coverage for APIs listed on malapi.io

  #1002 closed Feb 21, 2025

1 Issue opened by 1 person

• detect PoolParty injection

  #1008 opened Feb 25, 2025

3 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Add rules for detecting donut-related features

  #997 commented on Feb 24, 2025 • 13 new comments

• false negative for screenshot

  #981 commented on Feb 25, 2025 • 0 new comments

• improve TCP/UDP socket creation matching #964

  #993 commented on Feb 21, 2025 • 0 new comments