Florian Roth

Results 22 issues of Florian Roth

Is it possible to run the tests against localhost?

```
C:\malware>PurpleSharp_x64.exe /t 1218.011 /rhost localhost /ruser neo /d DESKTOP-8ERPDM5
Password for DESKTOP-8ERPDM5\neo:
[+] Uploading and executing the Scout on \\localhost\C$\Windows\Temp\Scout.exe...
```

macOS 10.15 Catalina prevents floss from being executed. It's not possible to whitelist floss via Finder App as you can do it with normal Apps. However, you can find blocked...

- I would like to be able to reset the check interval for all credentials
- I would like to be able to drop the whole credentials table
- I...

See: https://windows-internals.com/printdemon-cve-2020-1048/

A new keyword `hex` that encodes a string could improve the rule writing process to face the rise of malicious embedded scripts in OLE objects. Instead of the string ```...

I upgraded yara-python from 3.5.0 to 3.6.3 and noticed errors if conditions contain a `hash.md5` statement.

```
invalid field name "md5"
```

In version 3.5.0, the `pe.imphash` wasn't available. I...

Changes that allow it to match on

- small PE files with a few of the strings
- memory (by removing `filesize` restriction)
- reduce the number of strings by...

- I've cleaned up and extended the meta data. This PR is just an offer. Pull it if you find the changes useful.
- I've also handled a false positive...

Important changes:

- 2 condition bugs
- Regex using .*

Optional changes:

- Regex split up to strings