Passing all the lint rules and the test

aryanyk · aryanyk · commit 2f10cb6463b0 · 2026-04-07T17:15:19.000+05:30
diff --git a/nursery/check-for-time-delay-in-dotnet.yml b/nursery/check-for-time-delay-in-dotnet.yml
@@ -0,0 +1,24 @@
+rule:
+  meta:
+    name: check for time delay in .NET
+    namespace: anti-analysis/anti-debugging/debugger-detection
+    authors:
+      - "@aryanyk"
+    description: detects potential debugger checks by comparing Environment.TickCount values around Thread.Sleep calls.
+    scopes:
+      static: function
+      dynamic: unsupported  # relies on static analysis of IL property access and timing patterns
+    att&ck:
+      - Defense Evasion::Virtualization/Sandbox Evasion [T1497]
+    mbc:
+      - Anti-Behavioral Analysis::Debugger Detection::Timing/Delay Check GetTickCount [B0001.032]
+    references:
+      - https://github.com/Outbuilt/.NET-Anti-Debug
+    examples:
+      - e842958188274d5ffee7fbeffb803b2e:0x6000001
+
+  features:
+    - and:
+      - format: dotnet
+      - api: System.Threading.Thread::Sleep
+      - count(property(System.Environment::TickCount)): 2 or more
