Search:

Type: Posts; User: w@rri0r@bh@y

Search: Search took 0.20 seconds.

  1. Replies
    14
    Views
    12,736

    APT SafeNet

    rule APT_SafeNet {
    meta:
    author = "w@rri0r@bh@y"
    strings :
    $magic = "{\\rt"
    $v0 = "eb06eb040b0b"
    $v1 = "63cb68dededede"
    $v2 = "poiu="
    condition :
    ($magic at 0) and (3...
  2. Replies
    14
    Views
    12,736

    APT SafeNet

    rule APT_SafeNet {
    meta:
    author = "w@rri0r@bh@y"
    strings :
    $magic = "{\\rt"
    $v0 = "eb06eb040b0b"
    $v1 = "63cb68dededede"
    $v2 = "poiu="
    condition :
    ($magic at 0) and (3...
  3. Its for word 2010 x86 (32 bit version)

    Its for word 2010 x86 (32 bit version)
  4. Replies
    14
    Views
    12,736

    Kuluoz/Asprox

    rule Kuluoz/Asprox {
    meta:
    author = "w@rri0r@bh@y"
    strings :
    $magic = "MZ"
    $v0 = ".data2"
    $v1 = ".data3"
    $v2 = "OpenKeyExW"
    $k0 =...
  5. Bypassing DEP using VirtualAlloc for MS WORD 2010 in Windows 7

    Exploit For MS WORD 2010

    ASLR BYPASS - MSCOMCTL.OCX (non-ASLR Module)
    DEP BYPASS - Complete code in code section

    #ROP CHAIN


    control = "01115827" #0x27581101 # RET [Module: Mscomctl.OCX]...
  6. Replies
    14
    Views
    12,736

    yara rule for cve-2012-0158

    rule doc_0158{
    meta:
    author = "w@rri0r@bh@y"
    strings :
    $magic = { D0 CF 11 E0 }
    $v0 = "CONTROL MSComctlLib.Toolbar.2"
    $v1 = "ComObj" wide
    $v2 = "OCXNAME" wide
    $v3 =...
Results 1 to 6 of 6