mandiant/capa-rules

detect uncommon .NET entry points

Open

#725 ouverte le 16 mars 2023

Voir sur GitHub
 (1 commentaire) (3 réactions) (0 assignés) (234 forks)github user discovery
good first issuerule idea

Métriques du dépôt

Stars
 (721 stars)
Métriques de merge PR
 (Métriques PR en attente)

Description

This article describes multiple .NET entry points, where some of these are often leveraged by malware and obfuscators. I think it beneficial to bring these uncommon, or commonly malicious, entry points to the attention of capa users to help guide analysis to interesting code.

Guide contributeur