sigmaDRL-1.1from SigmaHQ/sigma
Arbitrary DLL or Csproj Code Execution Via Dotnet.EXE
Detects execution of arbitrary DLLs or unsigned code via a ".csproj" files via Dotnet.EXE.
Quality
74
FP risk
—
Forks
0
Views
1
ATT&CK techniques
Rule source🔒 locked
🔒
Sign in to view the rule source
Free accounts can view the source for the top-ranked rules. Create one in seconds — no credit card required.
Sign in →