Mike Hunhoff
see original comment https://github.com/mandiant/capa/blob/0ab5f5baff744c32624f815f53726cecf5897565/capa/features/extractors/binexport2/insn.py#L61
see https://github.com/mandiant/capa/pull/1950#discussion_r1614667310
We do this with our other feature extractors, e.g. [IDA](https://github.com/mandiant/capa/blob/feat/1755/capa/features/extractors/ida/helpers.py#L359). It's not clear, however, if BinExport provides enough context for this so research is needed to determine if this is...
[parse-credit-card-information](https://github.com/mandiant/capa-rules/blob/7128cdbdd1a8c42cdaa1ddcf35a19803ecac20f0/collection/credit-card/parse-credit-card-information.yml) match reported for mimikatz.exe_:0x444E02. I've noticed FPs for this rule for other internal binaries as well. The character checks detected by this rule (`=`, `?`, etc.) are also found...
e.g. we recently added the ability to configure Ghidrathon using `GHIDRATHON_SAVE_PATH` but this hasn't been released. Users who are following the `README` found in the `main` branch, which describes this...
```[tasklist]
### Bugs (`P0`)
- [ ] https://github.com/mandiant/capa/issues/2292
```
---
```[tasklist]
### Requirements (`P1`)
```
---
```[tasklist]
### Nice-to-haves / General feedback (`P2`)
- [ ] https://github.com/mandiant/capa/issues/2191
- [ ]...
```
See https://github.com/mandiant/capa/pull/2208#discussion_r1692655539 We must first determine if capa can emit features from arrays without polluting the matches.
The "array" type roughly maps to series of bytes and integers. We must first determine if capa can emit features from arrays without polluting the matches. e.g. ```xml [...] [...]...
The "container" type roughly maps to structure and bitfield data. We must first determine if capa can emit features from containers without polluting the matches and then handle the nested...