GitHub: sublime-security/sublime-rules
An open-source collection of email security detection rules for identifying and defending against BEC, phishing and other malicious email threats.
Stars: 348 | Forks: 87
# Sublime Rules
by Sublime Security
This repository contains open-source rules for [Sublime](https://github.com/sublime-security/sublime-platform), a free and open platform for detecting and preventing email attacks such as BEC, malware, and credential phishing.
## Examples
- [HTML smuggling](https://github.com/sublime-security/sublime-rules/search?q=html+smuggling)
- [VIP / executive impersonation](https://github.com/search?q=repo%3Asublime-security%2Fsublime-rules+%22vip+impersonation%22&type=code)
- [Malicious OneNote files](https://github.com/search?q=repo%3Asublime-security%2Fsublime-rules+%22onenote%22&type=code)
- [Malicious LNK files](https://github.com/sublime-security/sublime-rules/blob/main/detection-rules/attachment_lnk_file_with_embedded_content.yml)
- [Encrypted zip archives](https://github.com/sublime-security/sublime-rules/blob/main/detection-rules/attachment_with_encrypted_zip_unsolicited.yml)
## Community rule feeds
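As an added illustration of the shape of a rule in this repository (this block is not one of the repository's own rules, and the field names and MQL functions it uses, such as `type.inbound`, `file.explode`, `.scan.zip.encrypted` and `profile.by_sender().solicited`, are assumed from the MQL documentation and should be checked against the reference linked under "Learn more"), here is a minimal rule that flags an inbound message carrying a password-protected zip from a sender the recipient has never written to:

```yaml
# Added example rule, not one of the repository's own rules.
# Field names (type.inbound, attachments, file.explode, .scan.zip.encrypted,
# profile.by_sender().solicited) and the attack_types / detection_methods
# vocabulary are assumed to match the MQL reference; verify before deploying.
name: "Attachment: Encrypted zip from unsolicited sender (example)"
description: |
  Inbound message carrying a password-protected zip archive from a sender
  the recipient has never replied to. Encryption defeats content scanning
  at the gateway, so an unsolicited encrypted archive is a common wrapper
  for malware delivery.
type: "rule"
severity: "medium"
source: |
  type.inbound
  // at least one attachment is a zip whose exploded contents report
  // encryption; matching on file_type as well as extension catches
  // archives delivered under a renamed extension
  and any(attachments,
          (.file_extension =~ "zip" or .file_type == "zip")
          and any(file.explode(.), .scan.zip.encrypted)
  )
  // the recipient has never sent mail to this sender
  and not profile.by_sender().solicited
attack_types:
  - "Malware/Ransomware"
tactics_and_techniques:
  - "Encryption"
  - "Evasion"
detection_methods:
  - "Archive analysis"
  - "File analysis"
  - "Sender analysis"
```

Rules like this live as one YAML file each under `detection-rules/`; the `source` block is the MQL expression evaluated against every message, and the remaining keys are metadata used for triage and search. The `solicited` check is what keeps a legitimate encrypted archive from a known correspondent from firing, which is the main false-positive source for archive rules.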
- [DelivrTo](https://github.com/delivr-to/detections)
- [vector-sec](https://github.com/vector-sec/public-sublime-rules)
- [amitchell516](https://github.com/aidenmitchell/custom-sublime-rules)
## Learn more
- [Blog](https://sublime.security/blog)
- [Documentation](https://docs.sublimesecurity.com)
- [Message Query Language (MQL) reference](https://docs.sublimesecurity.com/docs/message-query-language)
- [Changelog](https://new.sublimesecurity.com)
Follow us on [Twitter](https://twitter.com/sublime_sec) for updates on new rules and detection capabilities.