I hereby claim:
- I am g-les on github.
- I am glesnewich (https://keybase.io/glesnewich) on keybase.
- I have a public key ASC1pkCbjKDRmT41uYt-kT0-3i4YkwNvWM5PUPNx__axaQo
To claim this, I am signing this object:
Greg Lesnewich g-les
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bv.navigate(bv.view, bv.get_next_data_var_start_after(here)) |
g-les
/ donut_shellcode_fixed.yar
Created
February 9, 2022 21:53
Telsy's Awesome Donut Shellcode YARA Rule
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule donut_shellcode_fixed | |
| { | |
| meta: | |
| description = "Tested against shellcodes x86/x64 generated by Donut v0.9.3" | |
| author = "Telsy CTI team" | |
| date = "18/11/2021" | |
| condition: | |
| uint8(0) == 0xe8 and // shellcode starts with a call | |
| uint32(1) == uint32(5) and | |
| // xor generator key and xor initial key cannot be null it is 32 bytes |
g-les
/ keybase.md
Created
January 10, 2022 19:22
g-les
/ 100_days_of_yara.yar
Last active
September 26, 2022 01:01
100 Days of YARA to be updated with rules & ideas as the year progresses
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Goals for #100DaysofYARA: | |
| better understanding of bitwise operators | |
| use math module beyond general entropy of a section / resource | |
| position specific things beyond what PE module tells us | |
| do some funky stuff with hashing | |
| */ |