I hereby claim:
- I am ForyxCraft on github.
- I am flawcra (https://keybase.io/flawcra) on keybase.
- I have a public key whose fingerprint is 1393 0B18 F477 2FF3 352B F53D F2CE 181F 86A3 0EB5
To claim this, I am signing this object:
Xanax-C-137
/ XProtect.yara
Created
July 18, 2023 15:51
Apple OSX built in file defense is powered by YARA: /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Resources
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import "hash" | |
| private rule Macho | |
| { | |
| meta: | |
| description = "private rule to match Mach-O binaries" | |
| condition: | |
| uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca | |
| } |
Xanax-C-137
/ keybase.md
Created
January 19, 2022 17:42