Merge branch 'SigmaHQ:master' into master

rules/windows/powershell/powershell_script/posh_ps_accessing_win_api.yml

@@ -4,7 +4,7 @@ status: experimental
 description: Detecting use WinAPI Functions in PowerShell
 author: Nikita Nazarov, oscd.community, Tim Shelton
 date: 2020/10/06
-modified: 2022/05/23
+modified: 2022/09/29
 references:
     - https://speakerdeck.com/heirhabarov/hunting-for-powershell-abuse
 tags:
@@ -41,8 +41,8 @@ detection:
             # - 'WriteByte'  # FP with .NET System.IO.FileStream
             - 'WriteInt32'
             - 'OpenThreadToken'
-            - 'PtrToString'
-            - 'FreeHGlobal'
+            # - 'PtrToString'
+            # - 'FreeHGlobal'
             - 'ZeroFreeGlobalAllocUnicode'
             - 'OpenProcessToken'
             - 'GetTokenInformation'