mandiant/capa-rules

detect uncommon .NET entry points

Open

#725 aberto em 16 de mar. de 2023

Ver no GitHub
 (1 comment) (3 reactions) (0 assignees) (234 forks)github user discovery
good first issuerule idea

Métricas do repositório

Stars
 (721 stars)
Métricas de merge de PR
 (Métricas PR pendentes)

Description

This article describes multiple .NET entry points, where some of these are often leveraged by malware and obfuscators. I think it beneficial to bring these uncommon, or commonly malicious, entry points to the attention of capa users to help guide analysis to interesting code.

Guia do colaborador