-
Notifications
You must be signed in to change notification settings - Fork 163
Issues: mandiant/capa-rules
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
derive capa rules from yara-rules capabilities
rule idea
#968
opened Nov 25, 2024 by
williballenthin
detect BITS usage in general
good first issue
Good for newcomers
rule idea
#967
opened Nov 25, 2024 by
mr-tz
create separate rule to match socket connects
good first issue
Good for newcomers
rule idea
#965
opened Nov 20, 2024 by
mike-hunhoff
improve TCP/UDP socket creation matching
good first issue
Good for newcomers
rule idea
#964
opened Nov 20, 2024 by
mike-hunhoff
dotnet: create new scheduled task via TaskService
good first issue
Good for newcomers
rule idea
#959
opened Nov 7, 2024 by
mike-hunhoff
dotnet: Process.EnterDebugMode
good first issue
Good for newcomers
rule idea
#958
opened Nov 5, 2024 by
mike-hunhoff
dotnet: TripleDESCryptoServiceProvider Class
good first issue
Good for newcomers
rule idea
#957
opened Nov 5, 2024 by
mike-hunhoff
reconsider att&ck classification for get/set-uefi-variable.yml
att&ck
false positive
False positive rule hit
#944
opened Oct 7, 2024 by
mike-hunhoff
reference anti-VM strings targeting VirtualBox
false positive
False positive rule hit
#934
opened Sep 24, 2024 by
mr-tz
rule idea: modify PendingFileRenameOperations to delete, rename, or move file across reboots
rule idea
#911
opened Jul 11, 2024 by
mike-hunhoff
parse-credit-card-information -> mimikatz.exe_:0x444E02
false positive
False positive rule hit
#897
opened May 3, 2024 by
mike-hunhoff
resolve Microsoft.Win32.Win32Native to execute native Windows APIs in .NET
rule idea
#876
opened Jan 17, 2024 by
mike-hunhoff
Previous Next
ProTip!
Exclude everything labeled
bug
with -label:bug.