diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000000..7d0ba56316 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,88 @@ +# Change Log + +## v1.1.0 (2020-08-05) + +This release brings new rule format updates, such as adding `offset/x32` and negative offsets, +fixes some bugs identified by the community, and 28 (!) new rules. +We received contributions from eight reverse engineers, including four new ones: + + - @re-fox + - @psifertex + - @bitsofbinary + - @threathive + +Download a standalone binary below and checkout the readme [here on GitHub](https://github.com/fireeye/capa/). Report issues on our [issue tracker](https://github.com/fireeye/capa/issues) and contribute new rules at [capa-rules](https://github.com/fireeye/capa-rules/). + +### New features + + - import: add Binary Ninja import script #205 #207 @psifertex + - rules: offsets can be negative #197 #208 @williballenthin + - rules: enable descriptions for statement nodes #194 #209 @Ana06 + - rules: add arch flavors to number and offset features #210 #216 @williballenthin + - render: show SHA1/SHA256 in default report #164 @threathive + - tests: add tests for IDA Pro backend #202 @williballenthin + +### New rules + + - check for unmoving mouse cursor @BitsOfBinary + - check mutex and exit @re-fox + - parse credit card information @re-fox + - read ini file @re-fox + - validate credit card number with luhn algorithm @re-fox + - change the wallpaper @re-fox + - acquire debug privileges @williballenthin + - import public key @williballenthin + - terminate process by name @williballenthin + - encrypt data using DES @re-fox + - encrypt data using DES via WinAPI @re-fox + - hash data using sha1 via x86 extensions @re-fox + - hash data using sha256 via x86 extensions @re-fox + - capture network configuration via ipconfig @re-fox + - hash data via WinCrypt @michael-hunhoff + - get file attributes @michael-hunhoff + - allocate thread local storage @michael-hunhoff + - get thread local storage value @michael-hunhoff + - set thread local storage @michael-hunhoff + - get session integrity level @michael-hunhoff + - add file to cabinet file @michael-hunhoff + - flush cabinet file @michael-hunhoff + - open cabinet file @michael-hunhoff + - gather firefox profile information @re-fox + - encrypt data using skipjack @re-fox + - encrypt data using camellia @re-fox + - hash data using tiger @re-fox + - encrypt data using blowfish @re-fox + - encrypt data using twofish @re-fox + +### Bug fixes + + - linter: fix exception when examples is `None` @Ana06 + - linter: fix suggested recommendations via templating @williballenthin + - render: fix exception when rendering counts @williballenthin + - render: fix render of negative offsets @williballenthin + - extractor: fix segmentation violation from vivisect @williballenthin + - main: fix crash when .viv cannot be saved #168 @secshoggoth @williballenthin + - main: fix shellcode .viv save path @williballenthin + +### Changes + + - doc: explain how to bypass gatekeeper on macOS @psifertex + - doc: explain supported linux distributions @Ana06 + - doc: explain submodule update with --init @psifertex + - main: improve program help output @mr-tz + - main: disable progress when run in quiet mode @mr-tz + - main: assert supported IDA versions @mr-tz + - extractor: better identify nested pointers to strings @williballenthin + - setup: specify vivisect download url @Ana06 + - setup: pin vivisect version @williballenthin + - setup: bump vivisect dependency version @williballenthin + - setup: set Python project name to `flare-capa` @williballenthin + - ci: run tests and linter via Github Actions @Ana06 + - hooks: run style checkers and hide stashed output @Ana06 + - linter: ignore period in rule filename @williballenthin + - linter: warn on nursery rule with no changes needed @williballenthin + +### Raw diffs + + - [capa v1.0.0...v1.1.0](https://github.com/fireeye/capa/compare/v1.0.0...v1.1.0) + - [capa-rules v1.0.0...v1.1.0](https://github.com/fireeye/capa-rules/compare/v1.0.0...v1.1.0) diff --git a/capa/version.py b/capa/version.py index 5becc17c04..6849410aae 100644 --- a/capa/version.py +++ b/capa/version.py @@ -1 +1 @@ -__version__ = "1.0.0" +__version__ = "1.1.0"