Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add Windows Minidump file signature

Browse source 
This signature is relevant for process dumps on Windows that could be extracted by various tools. The unencrypted transmission of the dump of a critical system process (for example, lsass.exe) via network would be detected by this rule.
This commit is contained in:
Alexander Bolshakov 2019-06-28 14:43:38 +03:00 committed by GitHub
parent 7b56925b77
commit 1759205930
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/base/frameworks/files/magic/general.sig
View file

@ -414,3 +414,9 @@ signature file-vim-tmp {
file-mime "application/x-vim-tmp", 100 file-mime "application/x-vim-tmp", 100
file-magic /^b0VIM/ file-magic /^b0VIM/
} }
# Windows Minidump
signature file-windows-minidump {
file-mime "application/x-windows-minidump", 50
file-magic /^MDMP/
}