Skip to content

Pull requests: mandiant/capa-rules

New pull request New
17 Open 744 Closed
17 Open 744 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

feat(rules): detect ReadDirectoryChanges shellcode via callback and APC (#1095)
#1143 opened Mar 15, 2026 by sherkhanz Loading…
1
1
Add rule for zlib fast inflate
#1142 opened Mar 15, 2026 by priyank766 Loading…
1
1
rules: add nursery rule for systemd CLI interaction on Linux
#1141 opened Mar 14, 2026 by akshat4703 Loading…
rules: add nursery rule for shellcode execution via ReadDirectoryChanges
#1140 opened Mar 14, 2026 by akshat4703 Loading…
add ProcDump-based LSASS memory dump detection
#1139 opened Mar 13, 2026 by akshat4703 Loading…
2
dump-lsass-memory-via-openprocess-and-minidumpwritedump
#1138 opened Mar 13, 2026 by akshat4703 Loading…
4
Add .NET Environment.TickCount timing anti-debug rule
#1137 opened Mar 12, 2026 by aryanyk Loading…
Add nursery rules for Linux kernel rootkit techniques
#1136 opened Mar 11, 2026 by aryanyk Loading…
1
13
add general BITS usage detection
#1132 opened Mar 9, 2026 by akshat4703 Loading…
18
improve Heaven's Gate detection for computed selector variants
#1127 opened Feb 26, 2026 by akshat4703 Loading…
1
2
persistence: restrict registry-based service detection to service-specific values (fix #1100)
#1126 opened Feb 25, 2026 by reyyanxahmed Loading…
1
add word boundaries to regex patterns to reduce false positives
#1125 opened Feb 24, 2026 by Shaktisinhchavda Loading…
1
14
reduce false positives in credential manager, credit-card parsing, an…
#1123 opened Feb 23, 2026 by akshat4703 Loading…
4
5
Add new rule to detect ransomware disabling backup/recovery services
#1122 opened Feb 22, 2026 by 0ameyasr Loading…
5
add word boundary to del regex to prevent false positives
#1120 opened Feb 18, 2026 by devarjya27 Loading…
1
2
warn if latest release and rules are not compatible
#933 opened Sep 24, 2024 by mr-tz Loading…
Additional rules to support capa-scripts. dont merge Indicate a PR that is still being worked on
#603 opened Aug 4, 2022 by adamstorek Loading…
19
ProTip! Find all pull requests that aren't related to any open issues with -linked:issue.