From 134421494a7375a9918c80e084ea033afe3e3891 Mon Sep 17 00:00:00 2001
From: FarghlyMal <133105828+FarghlyMal@users.noreply.github.com>
Date: Wed, 8 Apr 2026 20:43:04 +0200
Subject: [PATCH] Update BlueHammer_tool.yar
---
 yara/BlueHammer_tool.yar | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/yara/BlueHammer_tool.yar b/yara/BlueHammer_tool.yar
index a73900d1..35a9d3b1 100644
--- a/yara/BlueHammer_tool.yar
+++ b/yara/BlueHammer_tool.yar
@@ -1,6 +1,6 @@
 rule HKTL_BlueHammer_Apr26 {
 meta:
- author = "AzizFarghly"
+ author = "AzizFarghly (Nextron-Systems)"
 description = "Detects Nightmare-Eclipse/BlueHammer (FunnyApp), a Windows local privilege escalation PoC that abuses a Defender signature-update RPC and a junction/symlink race to leak the SAM hive and derive NTLM hashes - giving an unprivileged user full SYSTEM-level credential access."
 date = "2026-04-07"
 reference = "https://github.com/Nightmare-Eclipse/BlueHammer"