Wesley Shields
Wesley Shields
Thanks for catching this. I don't have a version of OpenSSL around that is new enough to have these functions deprecated out, but after checking https://github.com/openssl/openssl/blob/master/include/openssl/x509.h#L670-L675 I think this should...
Correct, YARA does not decode (or is it encode) the unicode characters used in the subject. You need to represent them as escaped bytes by just copy/pasting them from the...
This is probably do-able but why not just make your value an integer and divide by 100 in python (obviously use floating point division). This will get you the percentage...
What's is the hash of the file, assuming it is on VT, and what is the rule?
If you want to see if a section exists you can just do `pe.section_index(".foo") >= 0`. If the section name does not exist you end up with `UNDEFINED >= 0`...
Ah, I see now. Thank you for the clarification. I wasn't accurate earlier when I said `UNDEFINED >= 0` will always be false. It's actually it will always be `UNDEFINED.`...
I'll take a look at this in the next few days. Sorry for the delay.
Thank you so much for making this more robust - and now I understand more about what you were talking about on twitter a few months ago! This makes a...
Awesome! And thanks again for these contributions. I have always tried to err on the side of "if windows loads this, we should parse it" but in this particular case...
I haven't looked at the code but do want to point out that this may result in a differential between a windows version and non-windows that can be difficult to...