theflakes
commented
3 years ago Need to account for base64offset values: https://twitter.com/cyb3rops/status/1163714284163084289/photo/2
Closed theflakes closed 3 years ago
theflakes
commented
3 years ago Need to account for base64offset values: https://twitter.com/cyb3rops/status/1163714284163084289/photo/2
theflakes
commented
3 years ago Believe this is fixed now; offsets are calculated and single values and lists are base64 encoded.
See: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_encoded_frombase64string.yml