Mike Hunhoff

support wildcards and skips for bytes feature

4

Add support for wildcards and skips for `bytes` feature similar to [Yara hexadecimal strings](https://yara.readthedocs.io/en/stable/writingrules.html#hexadecimal-strings).

check if basic block child of correct type

3

we should add a check to the following code that verifies the single child statement is of the expected type: https://github.com/fireeye/capa/blob/14e65c46011aca908863a770ec925cc222dc7f93/capa/rules.py#L347-L354

Taking a peek at the extractors it looks like `capa` assumes exports are named, but what about unnamed exports (by ordinal only)? We support matching imports by ordinal, should we...

explorer: add highlighting to decompile view

1

Update explorer to add highlighting to decompiler view in addition to disassembly view

capa explorer is due for a code refactor, some of the files are getting too large to remain a single file.

Update explorer to cache extracted features for multiple runs. This is especially useful when making multiple successive runs while testing a new rule.

detect when user creates a new function and automatically re-run capa analysis to include rules matched on features extracted from the new function. depends on #318.

Register is used as index into table of string pointers @ `mimikatz:0x44EE5A`:  The table of string pointers @ `mimikatz:0x4475ca0` contains pointers to four strings: `capa` currently extracts the first...

link: https://github.com/yck1509/ConfuserEx/blob/master/Confuser.Runtime/antinet/AntiManagedProfiler.cs

check .NET-Anti-Debug coverage

5

https://github.com/Outbuilt/.NET-Anti-Debug