GCTI
desc: meta data clean-up, fix: Sliver rule FPs with CloudFoundry, refactor: avoid AV detection
- I've cleaned up and extended the meta data. This PR is just an offer. Pull it if you find the changes useful.
- I've also handled a false positive triggered by the Sliver rules on CloudFoundry clients.
- I've also modified the rules so that they don't get detected and removed by Kaspersky and Avast AV engines.
Sample with FPs: https://www.virustotal.com/gui/file/bab4a6db5d52a55b82cefccfa94c1a084f20d6adc7f94e9586a59919beb15185/detection