mandiant/capa-rules

detect uncommon .NET entry points

Open

#725 aperta il 16 mar 2023

Vedi su GitHub
 (1 commento) (3 reazioni) (0 assegnatari) (234 fork)github user discovery
good first issuerule idea

Metriche repository

Star
 (721 star)
Metriche merge PR
 (Metriche PR in attesa)

Descrizione

This article describes multiple .NET entry points, where some of these are often leveraged by malware and obfuscators. I think it beneficial to bring these uncommon, or commonly malicious, entry points to the attention of capa users to help guide analysis to interesting code.

Guida contributor