Skip to content

Instantly share code, notes, and snippets.

View DuckLL's full-sized avatar

DuckLL DuckLL

97 followers · 95 following
View GitHub Profile
@Neo23x0
Neo23x0 / yara_performance_guidelines.md
Last active April 30, 2024 10:39
YARA Performance Guidelines

This Gist has been transfered into a Github Repo. You'll find the most recent version here.

YARA Performance Guidelines

When creating your rules for YARA keep in mind the following guidelines in order to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.

  • Revision 1.4, October 2020, applies to all YARA versions higher than 3.7
@Inndy
Inndy / super_decoder.js
Last active October 19, 2021 05:34
Decode jsfuck / aaencode / jjencode
!function () {
var global = this;
var old_eval = global.eval;
var old_const = global.Function.prototype.constructor;
global.Function.prototype.constructor = function (code) {
console.log('Function Constructor: ' + code);
return old_const(code);
};
global.eval = function (code) {
console.log('EVIL: ' + code);
@Still34
Still34 / resolve-address.py
Last active January 12, 2021 10:44 — forked from xorhex/Resolve APIs - Code Snippet 2 - IDAPython script renaming the dword variables.
IDAPython Script for DWORD Renaming (Compatible with the Latest IDAPython)
import ida_idaapi, ida_kernwin, ida_bytes, ida_name
import sys
import random
import re
if sys.version_info.major == 3:
import tkinter as tk
from tkinter import filedialog
else:
import Tkinter, tkFileDialog