Mike Hunhoff
capa enforces a max length for `bytes` features (see https://github.com/mandiant/capa/blob/7c4a46b7b4235849515bb4455c9788f324858310/capa/features/common.py#L27). Develop a lint to check this max length is not exceeded in capa rules to avoid confusion and mismatches. see...
Choose lowercase or uppercase capitalization for hex values (e.g. `bytes` feature), develop a lint to enforce, and update documentation accordingly. see https://github.com/mandiant/capa-rules/pull/743#discussion_r1165954907
> HardHat is a multiplayer c# .NET-based command and control framework. Designed to aid in red team engagements and penetration testing. HardHat aims to improve the quality of life factors...
Consider writing capa rules for `Xamarin.Android` applications:
> Xamarin.Android exposes the complete Android SDK for .NET developers. Build fully native Android apps using C# or F# in Visual Studio. ([credit](https://learn.microsoft.com/en-us/xamarin/android/))...
> On another note. I noticed when trying to do a pull request, it gave a few tips, such as running lint.py from the scripts section The issue was, I...
This [article](https://washi.dev/blog/posts/entry-points/) describes multiple .NET entry points, where some of these are often leveraged by malware and obfuscators. I think it beneficial to bring these uncommon, or commonly malicious, entry...
The architectures of the Java installation and Python installations used with Ghidrathon must be compatible. This is because Jep is built by Python and loaded by Java. It would be...
A long-running Python script/command holds the GIL, preventing other Python code from executing in the same process until the script/command finishes. Inform user that the interpreter is busy when...
The CPython [`faulthandler`](https://docs.python.org/3/library/faulthandler.html#module-faulthandler) module installs fault handlers for the `SIGSEGV`, `SIGFPE`, `SIGABRT`, `SIGBUS`, and `SIGILL` signals. Unfortunately, our experience shows that this level of OS/process manipulation destabilizes the Java process...
This behavior would more closely match that of the standard Python interpreter.