mandiant / capa-rules

Standard collection of rules for capa: the tool for enumerating the capabilities of programs
https://github.com/mandiant/capa/
Apache License 2.0

detect uncommon .NET entry points #725

Open mike-hunhoff opened 1 year ago

mike-hunhoff commented 1 year ago

This article describes multiple .NET entry points, where some of these are often leveraged by malware and obfuscators. I think it beneficial to bring these uncommon, or commonly malicious, entry points to the attention of capa users to help guide analysis to interesting code.

mike-hunhoff commented 1 year ago

This may require adding new characteristic features.