mguerreiro

YARA Performance Guidelines

When creating your rules for YARA keep in mind the following guidelines in order to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.

• Revision 1.1, February 2016, applies to all YARA version 3.3+

Global Rules

Global rules are evaluated first. Only if they are satisfied non-global rules are evaluated. This may be useful if all samples exhibit the same characteristics. Use them combined with the "private" statement to suppress a match notification on the global rules.

KrE80r

/*
* A PTRACE_POKEDATA variant of CVE-2016-5195
* should work on RHEL 5 & 6
* 
* (un)comment correct payload (x86 or x64)!
* $ gcc -pthread c0w.c  -o c0w
* $ ./c0w
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* mmap fa65a000

fly2xiang

<?php

/**
 * http://ucren.com/blog/archives/549
 * 利用零宽字符“隐藏”信息
 * 每个字符都有一个唯一的编码，将编码以 2 进制表示得到 01.. 的字串，把 1 替换成 U+200C，把 0 替换成 U+200D 就得到一个全零宽空白的字符串
 * 在 unicode 里，至少有 U+200B, U+200C, U+200D 和 U+FEFF 四个零宽字符
 */

alexeagle

javascript:(function() {

function copyToClipboard(text) {
    if (window.clipboardData && window.clipboardData.setData) {
        /*IE specific code path to prevent textarea being shown while dialog is visible.*/
        return clipboardData.setData("Text", text); 

    } else if (document.queryCommandSupported && document.queryCommandSupported("copy")) {
        var textarea = document.createElement("textarea");
        textarea.textContent = text;

wbenny

Windows system calls

...by stub

x86

Windows XP

B8 ?? ?? ?? ??                mov     eax, ??
BA 00 03 FE 7F                mov     edx, 7FFE0300h

enisozgen

- name: Check is rvm installed
  shell: command -v rvm >/dev/null 2>&1
  register: is_rvm_exist
  ignore_errors: yes

- debug: msg="{{ is_rvm_exist.rc }}" # it returns rc 1
- debug: var=is_rvm_exist

- name: Check is ls installed
  shell: command -v ls >/dev/null 2>&1

Tr3jer

/*
 Navicat Premium Data Transfer

 Source Server         : localhost
 Source Server Type    : MySQL
 Source Server Version : 50542
 Source Host           : localhost
 Source Database       : rule

 Target Server Type    : MySQL

xorrior

using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;

WincerChan

var rand1 = Math.floor(Math.random()*410);quotes = new Array
quotes[0]='若隐若现才是艺术！    ——「问题儿童来自异世界」'
quotes[1]='下一次重逢，将是何年何月？天空必将见证。    ——「SOLA」'
quotes[2]='如果你都不知道自己想去哪里，那去哪里都是一样的。    ——「柴郡猫」'
quotes[3]='一定没有问题的！    ——「魔卡少女樱」'
quotes[4]='这是眼泪吗？原来眼泪是这么的温暖，我一直以为，哀伤的东西都是冰冷的。    ——「风色幻想」'
quotes[5]='桑丘，让他们管我叫疯子吧，我还疯得不够，所以得不到他们的赞许。    ——「堂吉诃德」'
quotes[6]='美好的人眼裡映出的世界也是美好的。    ——「ARIA」'
quotes[7]='如果不能忠于自己的心，胜负又有什么价值呢？    ——「塔希里亚故事集」'
quotes[8]='天空本是一种风景，可是遇见你之后，它变成了一种心情。    ——「九ちのセカィ」'

johnloy

Electron apps

• Marp: Markdown presentation ecosystem.

• muryoimpl/slippr: markdown presentation app by Electron

• joe-re/cafe-pitch Markdown-driven presentation tool built on Electron.

Slide deck frameworks supporting Markdown source