secDre4mer closed 2 months ago
There is already a dedicated rule for RTLO. See ad691d92-15f2-4181-9aa4-723c74f9ddc3. I added related fields for future reference.
Thanks.
Summary of the Pull Request
Add further Unicode characters for potential obfuscation (most notably the infamous Right-to-Left Override).
Changelog
update: Potential CommandLine Obfuscation Using Unicode Characters From Suspicious Image - Add coverage for 0x00A0
update: Potential CommandLine Obfuscation Using Unicode Characters - Add coverage for 0x00A0
Example Log Event
N/A
Fixed Issues
N/A
SigmaHQ Rule Creation Conventions