mandiant/capa-testfiles issues and pull requests

#266 - update analogous to capa repo, removing Python 3.8

Pull Request - State: closed - Opened by mr-tz 23 days ago

#265 - add file

Pull Request - State: closed - Opened by mr-tz about 1 month ago

#264 - add sample for nmm-protect

Pull Request - State: closed - Opened by williballenthin about 2 months ago - 2 comments

#263 - git ignore intermediate IDA database files

Pull Request - State: closed - Opened by williballenthin about 2 months ago

#262 - Added testfile for get-process-filename.yml

Pull Request - State: closed - Opened by mwilliams31 about 2 months ago

#261 - Add sample for capa-rules 935

Pull Request - State: closed - Opened by Still34 about 2 months ago

#260 - add testfile

Pull Request - State: closed - Opened by mr-tz about 2 months ago

#259 - Add sample for access-firewall-policy-via-inetfwpolicy2.yml and acces…

Pull Request - State: closed - Opened by jtothej about 2 months ago - 1 comment

#258 - Add sample file for delete-network-filter-via-wfp-api.yml and enumera…

Pull Request - State: closed - Opened by jtothej 2 months ago - 1 comment

#257 - add file for SQLCipher

Pull Request - State: closed - Opened by williballenthin 2 months ago

#256 - binexport2: update test files (Ghidra:11.1,BinExport:757381f3ff207c6a37dbf32bc6e37c6a29c9f6be)

Pull Request - State: closed - Opened by mike-hunhoff 2 months ago

#255 - add small elf file for testing

Pull Request - State: closed - Opened by mr-tz 2 months ago

#254 - Add sample file for get-system-firmware-table.yml

Pull Request - State: closed - Opened by jtothej 2 months ago

#253 - add BinExport of small ELF ARM sample

Pull Request - State: closed - Opened by mr-tz 2 months ago - 1 comment

#252 - add min archive to test vmray extractor

Pull Request - State: closed - Opened by mr-tz 3 months ago - 4 comments

#251 - binexport: update files using latest Ghidra extension

Pull Request - State: closed - Opened by mike-hunhoff 3 months ago

#250 - add compressed rd file

Pull Request - State: closed - Opened by mr-tz 3 months ago

#249 - Add test file for attach-bpf-to-socket-on-linux.yml

Pull Request - State: closed - Opened by jtothej 3 months ago - 1 comment

#248 - Add test file for unhook-a-dll.yml

Pull Request - State: closed - Opened by jtothej 3 months ago

#247 - Add sample file for linked-against-minhook.yml

Pull Request - State: closed - Opened by jtothej 3 months ago

#246 - Add samples for #918

Pull Request - State: closed - Opened by Still34 3 months ago

#245 - use gzipped result document

Pull Request - State: open - Opened by mr-tz 4 months ago - 1 comment

#244 - bump rdoc 0000a657 to version 7.0.1

Pull Request - State: closed - Opened by fariss 4 months ago - 3 comments

#243 - Uploading sample for a new rule

Pull Request - State: closed - Opened by jaredscottwilson 4 months ago - 1 comment

#242 - add stripped elf test file

Pull Request - State: closed - Opened by ygasparis 5 months ago - 1 comment

#241 - add test case for OS detection for Go binaries with buildinfo

Pull Request - State: closed - Opened by williballenthin 5 months ago - 1 comment

#240 - Add a Test Sample for the Drakvuf Feature Extractor

Pull Request - State: closed - Opened by yelhamer 5 months ago - 2 comments

#239 - regenerate result document test files

Pull Request - State: open - Opened by fariss 5 months ago

#238 - update github actions to the latest version

Pull Request - State: closed - Opened by IlyasOsman 5 months ago - 2 comments

#237 - binexport: generate binexport files using latest Ghidra extension

Pull Request - State: closed - Opened by mike-hunhoff 5 months ago

#236 - Add sample for compiled-with-dart.yml

Pull Request - State: closed - Opened by jtothej 5 months ago - 4 comments

#235 - Add sample file for the hide-graphical-window-from-taskbar.yml rule

Pull Request - State: closed - Opened by jtothej 6 months ago

#234 - Add sample file for the act-as-time-provider-dll.yml rule

Pull Request - State: closed - Opened by jtothej 6 months ago - 1 comment

#233 - Add sample file for the act-as-share-provider-dll.yml rule

Pull Request - State: closed - Opened by jtothej 6 months ago - 1 comment

#232 - add nzxor test file

Pull Request - State: closed - Opened by mr-tz 6 months ago

#231 - Adding files related to self-deletion

Pull Request - State: closed - Opened by dstepanic 7 months ago

#230 - Add files via upload

Pull Request - State: closed - Opened by mr-tz 7 months ago

#229 - Add BinExport data

Pull Request - State: closed - Opened by mr-tz 7 months ago

#228 - Add sample for capa-rules/pull/888

Pull Request - State: closed - Opened by Still34 8 months ago - 1 comment

#227 - regenerate result document test files

Pull Request - State: closed - Opened by Aayush-Goel-04 9 months ago - 1 comment

#226 - add sample for delete drive layout via ioctl

Pull Request - State: closed - Opened by williballenthin 9 months ago

#225 - Delete 6d952a7e66bc63b72c9a3d10ef28e3f2.exe_

Pull Request - State: closed - Opened by mr-tz 10 months ago

#224 - dotnet samples with nested cases

Pull Request - State: closed - Opened by bkojusner 11 months ago

#223 - Add IP-grabbing sample

Pull Request - State: closed - Opened by Still34 11 months ago

#222 - test file for ghostly hollowing capa rule

Pull Request - State: closed - Opened by sara-rn 11 months ago

#221 - add testfiles for dynamic analysis

Pull Request - State: closed - Opened by williballenthin 12 months ago

#220 - Add test data for hp-socket

Pull Request - State: closed - Opened by Still34 12 months ago - 9 comments

#219 - .NET bundled file

Pull Request - State: closed - Opened by sara-rn 12 months ago - 1 comment

#218 - Add files via upload

Pull Request - State: closed - Opened by sara-rn about 1 year ago - 8 comments

#217 - add reports from capesandbox.com

Pull Request - State: closed - Opened by mr-tz about 1 year ago

#216 - New rules

Pull Request - State: closed - Opened by johnk3r about 1 year ago - 4 comments

#215 - Test File of SystemFunction032 capa rule

Pull Request - State: closed - Opened by richardweiss80 about 1 year ago

#214 - Update result document testfiles

Pull Request - State: closed - Opened by yelhamer about 1 year ago

#213 - sync

Pull Request - State: closed - Opened by williballenthin over 1 year ago

#212 - add Android example ELF

Pull Request - State: closed - Opened by williballenthin over 1 year ago - 2 comments

#211 - Adding expected yara files for match-2-yar tests

Pull Request - State: open - Opened by jconnor0426 over 1 year ago - 2 comments

#210 - Fixing Vulnerabilities

Pull Request - State: open - Opened by 4k4xs4pH1r3 over 1 year ago - 1 comment

#209 - Add test data for foreground-window-check.yml

Pull Request - State: closed - Opened by ejfocampo over 1 year ago - 1 comment

#208 - Add test file for check-for-av-emulation-using-virtualallocexnuma.yml

Pull Request - State: closed - Opened by jtothej over 1 year ago - 1 comment

#207 - sync master

Pull Request - State: closed - Opened by williballenthin over 1 year ago

#206 - Add test file for capture-packets-using-sharppcap.yml

Pull Request - State: closed - Opened by jtothej over 1 year ago

#205 - Add test file for get-uefi-variable.yml and set-uefi-variable.yml

Pull Request - State: closed - Opened by jtothej over 1 year ago

#204 - Add test file for Cabinet rules

Pull Request - State: closed - Opened by jtothej over 1 year ago

#203 - Add sample file for create-shortcut-via-ishelllink.yml

Pull Request - State: closed - Opened by jtothej over 1 year ago - 1 comment

#202 - sync

Pull Request - State: closed - Opened by williballenthin over 1 year ago - 1 comment

#201 - Add test file for encode-data-using-add-xor-sub-operations.yml

Pull Request - State: closed - Opened by jtothej over 1 year ago

#200 - add example file with forwarded exports

Pull Request - State: closed - Opened by williballenthin over 1 year ago

#199 - Add test file for patch-antimalware-scan-interface-function.yml

Pull Request - State: closed - Opened by jtothej over 1 year ago

#198 - update copyright headers

Pull Request - State: closed - Opened by williballenthin over 1 year ago
Labels: enhancement

#197 - check_sample_filename: fix unused variable

Pull Request - State: closed - Opened by williballenthin over 1 year ago

#196 - add example for `get Windows directory from KUSER_SHARED_DATA`

Pull Request - State: closed - Opened by williballenthin over 1 year ago

#195 - Add test file for act-as-dhcp-server-callout-dll.yml

Pull Request - State: closed - Opened by jtothej over 1 year ago

#194 - Add test file for resolve-function-by-brute-ratel-badger-hash.yml

Pull Request - State: closed - Opened by jtothej over 1 year ago

#193 - Use pathlib.Path instance.

Pull Request - State: closed - Opened by Aayush-Goel-04 over 1 year ago - 1 comment

#192 - Add files via upload

Pull Request - State: closed - Opened by sara-rn over 1 year ago

#191 - Sync master and dynamic feature extraction

Pull Request - State: closed - Opened by mr-tz over 1 year ago - 2 comments

#190 - Add test file for patch-event-tracing-for-windows-function.yml

Pull Request - State: closed - Opened by jtothej over 1 year ago

#189 - Add test files for inject-shellcode-using-extra-window-memory.yml and…

Pull Request - State: closed - Opened by jtothej over 1 year ago

#188 - Add test file for create-new-application-domain-in-dotnet.yml.

Pull Request - State: closed - Opened by jtothej over 1 year ago

#187 - Add test file for switch-active-desktop.yml

Pull Request - State: closed - Opened by jtothej over 1 year ago

#186 - Add test file for create-vmci-socket.yml

Pull Request - State: closed - Opened by jtothej over 1 year ago

#185 - Add test file for compiled-with-cx_freeze.yml.

Pull Request - State: closed - Opened by jtothej over 1 year ago

#184 - Add test file for create-virtual-file-system-in-dotnet.yml

Pull Request - State: closed - Opened by jtothej over 1 year ago

#183 - Add test file for Exchange transport agent rule.

Pull Request - State: closed - Opened by jtothej over 1 year ago

#182 - Add test files for Office Add-ins rules

Pull Request - State: closed - Opened by jtothej over 1 year ago

#181 - rename lowercase

Pull Request - State: closed - Opened by mr-tz over 1 year ago

#180 - Added test file

Pull Request - State: closed - Opened by jaxxpnd over 1 year ago - 6 comments

#179 - add QakBot sample to test the cape dynamic extractor

Pull Request - State: closed - Opened by yelhamer over 1 year ago - 5 comments

#178 - adding testfile for WMI anti-vm checks

Pull Request - State: closed - Opened by anders-v over 1 year ago

#177 - uploading for read-from-mailslot rule

Pull Request - State: closed - Opened by crowface28 over 1 year ago

#176 - Add samples browser/sqlite detection rule

Pull Request - State: closed - Opened by Still34 over 1 year ago - 2 comments

#175 - Add sample for aPlib compression detection

Pull Request - State: closed - Opened by Still34 over 1 year ago - 1 comment

#174 - add testfile for aes

Pull Request - State: closed - Opened by mr-tz over 1 year ago

#173 - Added referenced PE DLL for load-code/shellcode/execute-shellcode-via-indirect-call.yml

Pull Request - State: closed - Opened by RonnieSalomonsen over 1 year ago - 1 comment

#172 - Add test data for load-code/shellcode/execute-shellcode-via-callback-functions.yml

Pull Request - State: closed - Opened by ejfocampo over 1 year ago

#171 - rename file with extension

Pull Request - State: closed - Opened by williballenthin over 1 year ago

#170 - Add sample to test ELF symbol table OS detection

Pull Request - State: closed - Opened by yelhamer over 1 year ago - 1 comment

#169 - refactor: Configurable ignored directories

Pull Request - State: closed - Opened by naikordian over 1 year ago

#168 - fix: Ignore json extension

Pull Request - State: closed - Opened by naikordian over 1 year ago

#167 - add example result documents

Pull Request - State: closed - Opened by williballenthin over 1 year ago - 2 comments

GitHub / mandiant/capa-testfiles issues and pull requests