CAPA: The Basics
https://tryhackme.com/room/capabasics
(Common Analysis Platform for Artifacts)
CAPA is designed to identify the capabilities present in executable files such as Portable Executables (PE), ELF binaries, .NET modules, shellcode, and even sandbox reports. It analyzes the file and applies a set of rules that describe common behaviours to determine what the program is capable of doing, such as network communication, file manipulation, process injection, and more.
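The rule-matching idea described above, as an added example that is not CAPA's own code or rule syntax: a simplified evaluator that applies and/or/not rule logic to features extracted from a file. The rule names, the `matches` and `capabilities` helpers, and both feature sets are constructed for illustration.

```python
# Simplified model of rule-based capability matching (assumption: this is
# an illustration, not CAPA's implementation or its rule format).
# A feature is a (kind, value) pair, e.g. an imported API name.

def matches(node, features):
    """Recursively evaluate one rule node against a set of features."""
    op, arg = next(iter(node.items()))
    if op == "and":
        return all(matches(child, features) for child in arg)
    if op == "or":
        return any(matches(child, features) for child in arg)
    if op == "not":
        return not matches(arg, features)
    # Leaf node: a single feature such as {"api": "connect"}
    return (op, arg) in features

def api(name):
    return {"api": name}

# Constructed rules, one per behaviour named in the text above.
RULES = [
    {"name": "communicate over network",
     "logic": {"or": [{"and": [api("socket"), api("connect")]},
                      api("InternetOpenA")]}},
    {"name": "write file",
     "logic": {"and": [api("CreateFileA"), api("WriteFile")]}},
    {"name": "inject into remote process",
     "logic": {"and": [api("OpenProcess"), api("VirtualAllocEx"),
                       api("WriteProcessMemory"),
                       {"or": [api("CreateRemoteThread"),
                               api("NtCreateThreadEx")]}]}},
]

def capabilities(features, rules=RULES):
    """Return the sorted names of every rule whose logic is satisfied."""
    return sorted(r["name"] for r in rules if matches(r["logic"], features))

# Constructed feature sets standing in for what an analysis would extract.
SAMPLE_A = {("api", n) for n in ("socket", "connect", "CreateFileA", "WriteFile")}
# SAMPLE_B lacks a thread-creation API, so the injection rule must not fire.
SAMPLE_B = {("api", n) for n in ("OpenProcess", "VirtualAllocEx", "WriteProcessMemory")}

if __name__ == "__main__":
    print(capabilities(SAMPLE_A))
    print(capabilities(SAMPLE_B))
```

A rule fires only when its whole logic tree is satisfied, which is why a partial set of indicators such as `SAMPLE_B` reports no capability.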