Results: 16 issues by Yacine

This issue will serve to keep track of enhancements that are to-be-added to the CAPE extractor after basic functionality is achieved. For the time being, the current features are in...

Labels: enhancement, gsoc, dynamic

... I am really excited to hear that capa is adding the capacity to work with dynamic traces! I think dealing with API traces generated from a sandbox is a...

Labels: enhancement, dynamic

CAPE provides the number of times an API call was repeated. This might be useful for rule authors (detecting API hammering, profiling malware fa). I propose either adding a `repeated`...

Labels: dynamic

This PR adds the ability to select which function/process capa should extract capabilities from. The proposed syntax is as follows: ```bash $ capa malware.exe --functions 0x645fa0,0x543dd0,0x630ac0 # static analysis $...

Hello! This PR tries to add a dynamic feature extractor for the [Drakvuf sandbox](https://github.com/CERT-Polska/drakvuf-sandbox/) as part of a [GSoC project](https://summerofcode.withgoogle.com/programs/2024/projects/fCnBGuEC) I am working on. As of now, the code still...

Currently our feature extractors focus primarily on the syscall and apicall plugins. It would be nice to add support for more Drakvuf plugins.

Labels: dynamic

CAPE and Drakvuf now use artifacts from different samples' reports to test their respective feature extractors. In the future we would like to use the same sample, analyze it with...

Labels: dynamic

This issue is for tracking any possible file features we could extract from Drakvuf reports. Currently, most artifacts (registry keys, files, etc.) are collected by other Drakvuf plugins from the...

Labels: dynamic