diff --git a/nursery/add-value-to-global-atom-table.yml b/nursery/add-value-to-global-atom-table.yml
new file mode 100644
index 00000000..796b9198
--- /dev/null
+++ b/nursery/add-value-to-global-atom-table.yml
@@ -0,0 +1,13 @@
+rule:
+  meta:
+    name: add value to global atom table
+    namespace: host-interaction/process/inject
+    authors:
+      - "@mr-tz"
+    scope: function
+    references:
+      - https://www.fortinet.com/blog/threat-research/atombombing-brand-new-code-injection-technique-for-windows
+      - https://github.com/BreakingMalwareResearch/atom-bombing
+  features:
+    - and:
+      - api: GlobalAddAtom
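Review bot: The rule fires on any function that calls `GlobalAddAtom`, which is a routine Win32 primitive used by many benign programs, so filing it under `host-interaction/process/inject` will produce false positives unless it is understood as a building block rather than an injection detection. The references describe AtomBombing, whose distinguishing step is the victim thread running `GlobalGetAtomName` via a queued APC (`NtQueueApcThread`), not the atom write itself, and none of that appears in the single-feature `and:` block. I would add a `description:` under `meta:` stating this explicitly, e.g. `description: low-signal building block for AtomBombing; GlobalAddAtom alone is common in benign code and should be matched alongside GlobalGetAtomName/NtQueueApcThread in a higher-level rule`, and, if this is a capa rule as the layout suggests, consider `lib: true` so it is only used via other rules. The `and:` wrapper around a single feature is also redundant and could be dropped or given its second feature. The hunk covers the whole new file.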