Add LdrCallEnclave in execute-shellcode-via-windows-callback-function.yml (#1076)

Author: jtothej

load-code/shellcode/execute-shellcode-via-windows-callback-function.yml

@@ -20,6 +20,7 @@ rule:
       - http://ropgadget.com/posts/abusing_win_functions.html
       - https://github.com/aahmad097/AlternativeShellcodeExec/
       - https://osandamalith.com/2021/04/01/executing-shellcode-via-callbacks/
+      - https://github.com/tlsbollei/Malware-Training/blob/main/Code%20Injection/LdrCallEnclave.cpp
     examples:
       - 10cd7afd580ee9c222b0a87ff241d306:0x10008BE0
       - 268d61837aa248c1d49a973612a129ce:0x1000CEC0
@@ -78,6 +79,7 @@ rule:
         - api: EnumerateLoadedModules
         - api: GrayString
         - api: ImmEnumInputContext
+        - api: LdrCallEnclave
         - api: LineDDA
         - and:
           - api: SymInitialize