mandiant/capa-rules

detect uncommon .NET entry points

Open

#725 opened on Mar 16, 2023

View on GitHub
 (1 comment) (3 reactions) (0 assignees) (234 forks)github user discovery
good first issuerule idea

Repository metrics

Stars
 (721 stars)
PR merge metrics
 (PR metrics pending)

Description

This article describes multiple .NET entry points, where some of these are often leveraged by malware and obfuscators. I think it beneficial to bring these uncommon, or commonly malicious, entry points to the attention of capa users to help guide analysis to interesting code.

Contributor guide