DefenderYara/Exploit/MacOS/TPwn/Exploit_MacOS_TPwn_A_MTB.yar


// Exploit:MacOS/TPwn.A!MTB — Mach-O string signature (SIGNATURE_TYPE_MACHOHSTR_EXT).
// The four patterns are plain ASCII log/diagnostic messages that appear to come from
// an OS X local-privilege-escalation exploit binary: a KASLR-slide leak message, a
// privilege-escalation banner, a kernel lock symbol name and a heap-corruption warning.
// Written as text strings here; with no modifiers these match exactly the same bytes
// as the equivalent hex sequences (ASCII only, case-sensitive, no wide variant).
//
// NOTE(review): the condition is "any of", so the generic "Escalating privileges"
// or "RecursiveLockUnlock" string alone is enough to fire; the per-string "01 00"
// annotations and the "04 00 04 00 04 00 ..." header in the description look like
// Defender weight/threshold fields that may imply a stricter combination than
// "any" — confirm against the original signature before relying on this rule for
// blocking rather than hunting.
rule Exploit_MacOS_TPwn_A_MTB
{
    meta:
        description = "Exploit:MacOS/TPwn.A!MTB,SIGNATURE_TYPE_MACHOHSTR_EXT,04 00 04 00 04 00 00 01 00 "

    strings:
        // "leaked kaslr slide, @ 0x%016llx" — format string printed after a KASLR leak
        $a_00_0 = "leaked kaslr slide, @ 0x%016llx"
        // "Escalating privileges" — generic banner; weak on its own (see review note)
        $a_00_1 = "Escalating privileges"
        // "RecursiveLockUnlock" — kernel lock routine name referenced by the binary
        $a_00_2 = "RecursiveLockUnlock"
        // "kernel heap may be corrupted" — failure-path warning emitted by the tool
        $a_00_3 = "kernel heap may be corrupted"

    condition:
        any of ($a_*)
}