mandiant/capa-rules

detect uncommon .NET entry points

Open

#725 geöffnet am 16. März 2023

Auf GitHub ansehen
 (1 Kommentar) (3 Reaktionen) (0 zugewiesene Personen) (234 Forks)github user discovery
good first issuerule idea

Repository-Metriken

Stars
 (721 Stars)
PR-Merge-Metriken
 (PR-Metriken ausstehend)

Beschreibung

This article describes multiple .NET entry points, where some of these are often leveraged by malware and obfuscators. I think it beneficial to bring these uncommon, or commonly malicious, entry points to the attention of capa users to help guide analysis to interesting code.

Contributor Guide