Lloyd LloydLabs

@LloydLabs
LloydLabs / smbghost.yara
Last active Apr 7, 2020
This is a rule to attempt to detect the SMBGhost packet (derived from https://github.com/ollypwn/SMBGhost/blob/master/scanner.py)
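rule SMBv3_Scanner {
    meta:
        date = "2020-03-11"
        author = "@LloydLabs"
        author_url = "https://blog.syscall.party"
    strings:
        // Begins with the 4-byte NetBIOS session header (length 0xc0),
        // followed by the SMB2 header: ProtocolId "\xfeSMB", StructureSize 0x40.
        $pkt = {00 00 00 c0 fe 53 4d 42 40 00 00 00 00 00 00 00
                00 00 1f 00 00 00 00 00 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00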