From 2f10cb6463b0d23be2e28d44debd50a4dd788163 Mon Sep 17 00:00:00 2001
From: Aryan <aryanyk562@gmail.com>
Date: Tue, 7 Apr 2026 17:15:19 +0530
Subject: [PATCH] Passing all the lint rules and the test

---
 nursery/check-for-time-delay-in-dotnet.yml | 24 ++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 nursery/check-for-time-delay-in-dotnet.yml

diff --git a/nursery/check-for-time-delay-in-dotnet.yml b/nursery/check-for-time-delay-in-dotnet.yml
new file mode 100644
index 000000000..42e8d0cf6
--- /dev/null
+++ b/nursery/check-for-time-delay-in-dotnet.yml
@@ -0,0 +1,24 @@
+rule:
+  meta:
+    name: check for time delay in .NET
+    namespace: anti-analysis/anti-debugging/debugger-detection
+    authors:
+      - "@aryanyk"
+    description: detects potential debugger checks by comparing Environment.TickCount values around Thread.Sleep calls.
+    scopes:
+      static: function
+      dynamic: unsupported  # relies on static analysis of IL property access and timing patterns
+    att&ck:
+      - Defense Evasion::Virtualization/Sandbox Evasion [T1497]
+    mbc:
+      - Anti-Behavioral Analysis::Debugger Detection::Timing/Delay Check GetTickCount [B0001.032]
+    references:
+      - https://github.com/Outbuilt/.NET-Anti-Debug
+    examples:
+      - e842958188274d5ffee7fbeffb803b2e:0x6000001
+
+  features:
+    - and:
+      - format: dotnet
+      - api: System.Threading.Thread::Sleep
+      - count(property(System.Environment::TickCount)): 2 or more