rule alg_crypto_rc4 {
    meta:
        description = "Identify code for the (A)RC4 cryptographic algorithm."
        author = "@shellcromancer <root@shellcromancer.io>"
        version = "0.1"
        date = "2022-01-03"
        reference = "https://www.goggleheadedhacker.com/blog/post/reversing-crypto-functions#identifying-rc4-in-assembly"
        reference = "https://0xc0decafe.com/detect-rc4-encryption-in-malicious-binaries/"
        reference = "https://blog.talosintelligence.com/2014/06/an-introduction-to-recognizing-and.html"
    strings:
/*
 * fork.c
 * Experimental fork() on Windows. Requires NT 6 subsystem or
 * newer.
 *
 * Copyright (c) 2012 William Pitcock <nenolod@dereferenced.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
Enable DCI debugging on Gigabyte-BKi5HA-7200
--------------------------------------------
The Gigabyte-BKi5HA-7200 (Kabylake i5-7200 processor) can be debugged with only a USB debug cable, a
special cable that crosses only the data signals and has the power signals
removed. You can buy these cables at, e.g., https://www.datapro.net/products/usb-3-0-super-speed-a-a-debugging-cable.html
The hurdle you have to overcome before you can access DCI, however, is that you
need to set some bits in hardware that first enable DCI and also enable the debug port so that DCI can control the cores.
There are lots of guides on how to patch the BIOS, but only these two really describe all the steps using only freely accessible tools: