diff --git a/yml/microsoft/built-in/cryptnet.yml b/yml/microsoft/built-in/cryptnet.yml
new file mode 100644
index 0000000..07cb7dc
--- /dev/null
+++ b/yml/microsoft/built-in/cryptnet.yml
@@ -0,0 +1,24 @@
+---
+Name: cryptnet.dll
+Author: Will Summerhill
+Created: 2024-11-22
+Vendor: Microsoft
+ExpectedLocations:
+- '%SYSTEM32%'
+- '%SYSWOW64%'
+ExpectedSignatureInformation:
+- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+ Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+ Type: Catalog
+VulnerableExecutables:
+- Path: 'C:\Program Files\Microsoft Deployment Toolkit\Bin\Microsoft.BDD.Catalog35.exe'
+ Type: Sideloading
+ ExpectedSignatureInformation:
+ - Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+ Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+ Type: Catalog
+Resources:
+- https://x.com/BSummerz/status/1860045985919205645
+Acknowledgements:
+- Name: Will Summerhill
+ Twitter: '@BSummerz'
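Review bot: The `ExpectedSignatureInformation` nested under `VulnerableExecutables` is identical to the block given for cryptnet.dll itself (Subject `CN=Microsoft Windows`, `Type: Catalog`), which looks copied from the DLL rather than read from Microsoft.BDD.Catalog35.exe. That executable belongs to the separately installed Microsoft Deployment Toolkit, so it is presumably not catalog-signed as a Windows component; please confirm Subject, Issuer and Type against the actual binary, because anyone building allow-lists or detections from this entry will rely on those fields. The `Path` also hardcodes `C:\Program Files` while `ExpectedLocations` uses placeholders; `Path: '%PROGRAMFILES%\Microsoft Deployment Toolkit\Bin\Microsoft.BDD.Catalog35.exe'` would also cover installs on a different system drive.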