
require MZ to fix fp

Open ruppde opened this issue 2 years ago • 0 comments

to: @airbnb/binaryalert-maintainers
cc:
size: small
resolves #

Background

rule produces false positives on e.g. Debian's /usr/share/doc/hashcat-data/examples/example.dict

Changes

require MZ bytes

Testing

running yara on mimikatz.exe

ruppde, Dec 12 '23 18:12
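
The kind of change described above, as an added example (not the rule from the binaryalert repository, which this page does not show). The rule names and strings are constructed placeholders; `uint16(0) == 0x5A4D` is the usual YARA test for the MZ bytes at offset 0.

```yara
// Before: string-only condition. Any file that happens to contain one of
// the strings matches, including plain-text wordlists such as the
// example.dict file named in the Background section.
rule hypothetical_tool_strings_only
{
    strings:
        // constructed placeholder strings, not taken from the real rule
        $s1 = "placeholder_tool_name" ascii wide nocase
        $s2 = "placeholder_command" ascii wide nocase

    condition:
        any of them
}

// After: the first two bytes must be "MZ" (0x4D 0x5A, read little-endian
// as 0x5A4D), so text files and other non-executables no longer match.
rule hypothetical_tool_require_mz
{
    strings:
        $s1 = "placeholder_tool_name" ascii wide nocase
        $s2 = "placeholder_command" ascii wide nocase

    condition:
        uint16(0) == 0x5A4D and any of them
}
```

The gated rule trades coverage for precision: artifacts that carry the same strings but do not start with MZ (scripts, archives, memory dumps) are no longer flagged, so those need separate rules if they matter.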