capa
Contributed to capa, Mandiant’s open-source malware analysis framework used by reverse engineers and threat analysts globally.
Refactored the TCP socket connection rule in capa-rules to improve modularity.
Extracted a generic “connect socket” rule, then composed the TCP and UDP rules on top of it.
Authored a new UDP connect rule (previously absent) by pairing the generic “connect socket” rule with the existing “create UDP socket” rule.
Added a UDP test binary to capa-testfiles to validate the new rule, ensuring it fires accurately during analysis.
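The composition pattern described above, as an added illustration rather than the rules actually merged into capa-rules: the rule names “connect socket” and “create UDP socket” come from the write-up, while the composed rule’s name, the API feature list, namespaces and author placeholder are assumptions made for the example.

```yaml
# Illustrative capa rules (added example, not the capa-rules content).
# Each capa rule lives in its own YAML file; the "---" separator keeps the
# two documents valid YAML when shown together.

# --- communication/socket/connect-socket.yml (generic building block) ---
rule:
  meta:
    name: connect socket
    namespace: communication/socket          # assumed namespace
    authors:
      - <author placeholder>
    scopes:
      static: function
      dynamic: thread
  features:
    # Assumed feature list: either Winsock connect API marks a connect.
    - or:
      - api: ws2_32.connect
      - api: ws2_32.WSAConnect
---
# --- communication/socket/udp/connect-udp-socket.yml ---
# Composed rule: it fires only when a function both matches the existing
# "create UDP socket" rule and the generic "connect socket" rule above.
# The TCP rule is built the same way, swapping in "create TCP socket".
rule:
  meta:
    name: connect UDP socket                 # assumed rule name
    namespace: communication/socket/udp      # assumed namespace
    authors:
      - <author placeholder>
    scopes:
      static: function
      dynamic: thread
  features:
    - and:
      - match: create UDP socket             # existing capa-rules rule, by name
      - match: connect socket                # generic rule defined above
```

Because the TCP and UDP rules only reference “connect socket” by name, a change to the connect API list is made once and picked up by both composed rules; running capa with `-r <rules-dir>` against the UDP test binary confirms the composed rule fires.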
PRs merged: capa-rules#1017, capa-testfiles#280