
Add SysWhispers2 detection & add 0x2e syscall detection #888

Merged: 9 commits merged into mandiant:master from features/syswhisper2-detect on Sep 24, 2024

Conversation

Still34 (Contributor) commented Mar 12, 2024

Summary

This PR adds rudimentary support for detecting SysWhispers2 syscall list population and adds the 0x2e syscall used by the project to the nursery collection.
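As an added illustration (not the rule merged in this PR, whose contents are not reproduced on this page), here is a capa-style rule in the project's YAML format covering the ways user-mode code enters the Windows kernel, assuming the "0x2e" in the PR title refers to the legacy `int 0x2e` system-call interrupt that SysWhispers2 can emit instead of `syscall`. The rule name, author address and reference URL are placeholders or assumptions, not values from the PR.

```yaml
# Added illustration of a capa rule for the syscall-instruction case.
# Not the rule merged in this PR; meta values below are placeholders.
rule:
  meta:
    name: execute syscall instruction (illustrative)
    namespace: nursery
    authors:
      - placeholder@example.com        # placeholder, not a real maintainer
    scopes:
      static: instruction              # match a single instruction
      dynamic: unsupported             # no dynamic-trace equivalent
    references:
      - https://github.com/jthuraisamy/SysWhispers2   # assumed upstream project URL
  features:
    - or:
      # direct system-call instructions on x64 / x86
      - mnemonic: syscall
      - mnemonic: sysenter
      # legacy interrupt-based system call; both features must sit on the
      # same instruction for the 'and' to match at instruction scope
      - and:
        - mnemonic: int
        - number: 0x2E = legacy Windows system-call interrupt
```

Matching at instruction scope keeps the `int` mnemonic and the `0x2E` immediate tied to one instruction, so an unrelated `0x2E` constant elsewhere in the function does not produce a hit; the `= description` suffix on the number is capa's inline annotation syntax and does not affect matching.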

Still34 added a commit to Still34/capa-testfiles that referenced this pull request Mar 12, 2024
@Still34 Still34 changed the title Add SysWhisper2 detection & add 0x2e syscall detection Add SysWhispers2 detection & add 0x2e syscall detection Mar 12, 2024
mr-tz (Collaborator) left a review comment


thank you, a few suggestions/comments inline

Inline review comments (since resolved) on:
- nursery/execute-syscall-instruction.yml (1 comment)
- nursery/populate-syswhispers2-syscall-list.yml (5 comments)
mr-tz (Collaborator) commented Sep 16, 2024

hey @Still34 can you take a look at the comments so we can hopefully merge this?

Still34 (Contributor, Author) commented Sep 17, 2024

Hey, sorry, I didn't see the stray comments until now. I'll get around to it after the holiday.

@mr-tz mr-tz force-pushed the features/syswhisper2-detect branch from e4f7fd1 to acfd551 Compare September 24, 2024 11:22
mr-tz (Collaborator) commented Sep 24, 2024

Thank you!

@mr-tz mr-tz merged commit 1fd0d8e into mandiant:master Sep 24, 2024
3 checks passed