SigmaStar
[sigma](https://github.com/SigmaHQ/sigma)/[rules](https://github.com/SigmaHQ/sigma/tree/master/rules)/[windows](https://github.com/SigmaHQ/sigma/tree/master/rules/windows)/[process_creation](https://github.com/SigmaHQ/sigma/tree/master/rules/windows/process_creation)/proc_creation_win_powershell_susp_parameter_variation.yml: `r' -win?d?o?w?s?t?y?l?e? hi?d?d?e?'`, `r' -NoPr?o?f?i?l?e?'`, `r' -nonint?e?r?a?c?t?i?v? '`, `r' -enc?o?d?e?d?C?o?m?m?a?n? '`, `r' -ec'`, `r' -executionp?o?l?i?c? '`, `r' -exe?c?u?t?i?o?n? bypass'`, `r' -ep bypass'`. Use the regex above, please.
Changing the opcode save from `opcodes.append(binascii.hexlify(text_part[:16]))` to `opcodes.append(text_part[:16].hex())` would work perfectly, because json cannot dump a dict whose key type is bytes.
After downloading ntkrnlmp.pdb, the program got stuck while running symbols.py at line 200, and no error was reported.
Would it be possible to add a synchronization option when executing commands in batch, i.e. wait for the previous command to finish before sending the next one?
### Verify steps
- [X] Is this something you can **debug and fix**? Send a pull request! Bug fixes and documentation fixes are welcome.
- [X] I have searched on...
I have installed unipacker, but it cannot unpack PECompact samples. It gives the following errors: `Next up: Sample: [PECompact] lbop20_PECompact.exe Traceback (most recent call last): File "/home/wnm/anaconda3/envs/sunflower/bin/unipacker", line 33, in sys.exit(load_entry_point('unipacker==1.0.7',...
How do I use PatternLanguage from other languages, for example C/C++/Python? Can I compile the language processing engine into a shared library so I can call it and parse structures in other...