Cyber security

Capa v7.3.0 – Enhanced Malware Analysis With VMRay Integration, Ghidra Support, And New Capa Rules Website

The v7.3.0 capa release comes with the following three major enhancements:

1. Support For VMRay Sandbox Analysis Archives

Unlock powerful malware analysis with capa’s new VMRay sandbox integration! Simply provide a VMRay analysis archive, and capa will automatically extract and match capabilities to streamline your workflow.

This is the second support for the analysis of dynamic analysis results after CAPE.

2. Support For BinExport Files Generated By Ghidra

BinExport files store disassembled data into a Protocol Buffer format. capa now supports the analysis of BinExport files generated by Ghidra.

Using Ghidra and the BinExport file format users can now analyze ARM (AARCH64) ELF files targeting Android.

3. Introducing The Capa Rules Website

You can now browse capa’s default rule set at. In modern terminals the CLI capa tool hyperlinks to resources on the web, including entries on the capa rules website.
Furthermore, provides a landing page for the capa tool project.

Additional Updates

  • capa Explorer Web received several enhancements and bug fixes.
  • Support for the IDA Pro 9.0 IDAPython API while keeping compatibility to older IDA Pro versions
  • Six rules have been added and two rules have been updated

Thanks to @r-sm2024 for their contribution in #2155 and their further work. And of course a big thanks to the community for reporting issues, participating in discussions, and supporting the capa tool and capa rules.

New Features

  • regenerate ruleset cache automatically on source change (only in dev mode) #2133 @s-ff
  • add landing page
  • add rules website@DeeyaSingh #2310
  • add .justfile @williballenthin #2325
  • dynamic: add support for VMRay dynamic sandbox traces #2208 @mike-hunhoff @r-sm2024 @mr-tz
  • cli: use modern terminal features to hyperlink to the rules website #2337 @williballenthin
  • support analyzing BinExport2 files generated by Ghidra #1950 @williballenthin @mehunhoff @mr-tz
  • add support for Android OS #1950 @williballenthin @mehunhoff @mr-tz
  • add support for aarch64 architecture via BinExport2 backend #1950 @williballenthin @mehunhoff @mr-tz
Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a Comment
Share
Published by
Tamil S
Tags: Capa v7.3.0cybersecurityinformationsecuritykalilinuxkalilinuxtools
37 mins ago

Recent Posts

ConfuserEx2 String Decryptor – A Guide To Deobfuscating .NET Applications

ConfuserEx2 is the latest version from the Confuser family → An open-source, free protector for…

25 mins ago

GlobalUnProtect – Decrypting And Harvesting Sensitive Data From GlobalProtect Installations

PoC tool for decrypting and collecting GlobalProtect configuration, cookies, and HIP files from windows client…

32 mins ago

MSSprinkler – Enhancing M365 Security Through Advanced Password Testing

MSSprinkler is a password spraying utility for organizations to test their M365 accounts from an…

44 mins ago

Inception – A Deep Dive Into PCI-Based DMA Memory Hacking

Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA. The tool can…

49 mins ago

NyxInvoke – A Comprehensive Guide To Advanced Execution Techniques In Rust

NyxInvoke is a versatile Rust-based tool designed for executing .NET assemblies, PowerShell commands/scripts, and Beacon…

3 days ago

Learn Rust, One Exercise At A Time

You've heard about Rust, but you never had the chance to try it out?This course…

3 days ago