[New Rule] Potential Masquerading as Windows System32 DLL (#3021)

Browse Source

* [New Rule] Potential Masquerading as Windows System32 DLL

* Update rules_building_block/defense_evasion_masquerading_windows_dll.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Update rules_building_block/defense_evasion_masquerading_windows_dll.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

* Restrict logic

* Update defense_evasion_masquerading_windows_dll.toml

---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

(cherry picked from commit 7496c5cb68)

...

This commit is contained in:

Jonhnathan

2023-08-28 08:31:20 -03:00

committed by github-actions[bot]

parent f00a14c3af

commit 112e2f2864

1 changed files with 84 additions and 0 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

rules_building_block/defense_evasion_masquerading_windows_dll.toml

+84

File diff suppressed because one or more lines are too long