UTC: 2026-04-30 00:08
virtualex-itv/chocolatey-packages
This file is automatically generated by the update_all.ps1 script using the Chocolatey-AU module.
Ignored | History | Force Test | [Rele
Albert Zsigovits albertzsigovits
🕹️
usualsuspect
/ knotweed_config_extractor.py
Last active
February 5, 2023 18:36
Config extractor for Jumplump malware family from the Knotweed report
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # | |
| # Author: @jaydinbas | |
| # | |
| # Extract config from Knotweed Jumplump samples | |
| # Note: Not all samples tagged as 'Jumplump' in the MS report | |
| # contain a config, some just load other samples that do | |
| # | |
| # Works for | |
| # cbae79f66f724e0fe1705d6b5db3cc8a4e89f6bdf4c37004aa1d45eeab26e84b |
virtualex-itv
/ Update-AUPackages.md
Last active
April 30, 2026 00:14
Update-AUPackages Report #powershell #chocolatey
tserj
/ clDeviceQuery.cpp
Last active
April 19, 2026 13:23
— forked from tzutalin/clDeviceQuery.cpp
Query OpenCL devices
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Copyright 1993-2009 NVIDIA Corporation. All rights reserved. | |
| Modified by Mark Zwolinski, December 2009 | |
| Modified by Robert McGibbon, August 2013 | |
| */ | |
| #define CL_TARGET_OPENCL_VERSION 220 | |
| #ifdef __APPLE__ | |
| #include <OpenCL/opencl.h> | |
| #else | |
| #include <CL/cl.h> |
I've shared this technique with some people privately, but might as well share it publicly now since I was asked about it. I've been using this for a while now with good success. It works well for parsing .NET droppers and other things.
If you don't know what the -D flag to YARA does I suggest you import a module and run a file through using that flag. It will print, to stdout, everything the module parsed that doesn't involve you calling a function. This is a great way to get a quick idea for the structure of a file.
For example:
wxs@mbp yara % cat always_false.yara
Neo23x0
/ yara_performance_guidelines.md
Last active
July 14, 2025 09:04
YARA Performance Guidelines
This Gist has been transfered into a Github Repo. You'll find the most recent version here.
When creating your rules for YARA keep in mind the following guidelines in order to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.
- Revision 1.4, October 2020, applies to all YARA versions higher than 3.7