I hereby claim:
- I am latonis on github.
- I am jacoblatonis (https://keybase.io/jacoblatonis) on keybase.
- I have a public key ASA6c8HatsF7mxScL3VndCChwVf6x07SLA194KjThvoNugo
To claim this, I am signing this object:
import "macho" | |
// Matches Mach-O files whose load commands reference both dylibs named in the
// condition. libsqlite3 is a standard macOS system library, so on its own it
// adds little signal; the discriminating part is the non-system path
// /usr/local/lib/libframework.dylib. The rule's closing brace is not shown in
// this preview.
rule macho_libframework_suspicious { | |
meta: | |
description = "Detects on LightSpy variant dylibs" | |
author = "Jacob Latonis @jacoblatonis" | |
date = "2024-04-25" | |
condition: | |
// Both load-command paths must be present in the scanned file; this is a
// static check on the recorded dylib name, not on whether the library exists
// on the scanning host.
macho.has_dylib("/usr/lib/libsqlite3.dylib") and macho.has_dylib("/usr/local/lib/libframework.dylib") |
// For format details, see https://aka.ms/devcontainer.json. For config options, see the | |
// README at: https://github.com/devcontainers/templates/tree/main/src/rust | |
{ | |
"name": "YARA-X devcontainer (Jacob's Version)", | |
// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile | |
"image": "mcr.microsoft.com/devcontainers/rust:1-1-bullseye", | |
// Both host directories are bind-mounted read-write. The samples directory is
// a candidate for the Docker `readonly` bind option, so that a tool run inside
// the container cannot modify or delete the corpus; the rules directory is
// likely edited from inside the container and can stay writable.
"mounts": [ | |
"source=${localEnv:HOME}/yara/malware,target=/home/vscode/yara/malware,type=bind,consistency=cached", | |
"source=${localEnv:HOME}/yara/rules,target=/home/vscode/yara/rules,type=bind,consistency=cached" | |
] |
#!/usr/bin/env python | |
# NOTE(review): the shebang is unversioned; `python` still resolves to Python 2
# on some hosts, so `#!/usr/bin/env python3` would pin the intended interpreter.
# Only the import header of this script is visible in this preview.
import argparse | |
import binascii | |
import hashlib | |
import os | |
import re | |
import sys | |
import traceback | |
__author__ = "Jeff White [karttoon] @noottrak" |
I hereby claim:
To claim this, I am signing this object:
# `latest` is a moving tag, so two builds of this file can produce different
# toolchains; pinning a release tag (e.g. ubuntu:22.04) or an image digest
# makes the build reproducible.
FROM ubuntu:latest | |
# Builds the C/eBPF toolchain in a single layer. Removing /var/lib/apt/lists/*
# at the end of this RUN would keep the cached package index out of the image.
RUN apt-get update && \ | |
apt-get install -y build-essential git cmake \ | |
zlib1g-dev libevent-dev \ | |
libelf-dev llvm \ | |
clang libc6-dev-i386 | |
RUN mkdir /src && \ | |
git init |