Matt Brooks cmatthewbrooks
cmatthewbrooks
/ functoyara.py
Last active
February 8, 2018 16:30
Run from inside an r2 session to create a YARA signature for the bytes of the current function.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Author: Matt Brooks, @cmatthewbrooks | |
| DESCRIPTION: | |
| The functoyara.py script will output an opcode-based YARA | |
| signature from the current function of the r2 session. | |
| ARGS: |
cmatthewbrooks
/ indicator_args.py
Last active
December 19, 2018 02:01
Script from the pyiocutils.iocargs asciinema example.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| # Import from the pyiocutils package | |
| from pyiocutils.ioc import Ioc as Ioc | |
| from pyiocutils.iocargs import IocArgs as IocArgs | |
cmatthewbrooks
/ hello_world_plugin.py
Created
April 25, 2019 12:41
The simplest possible IDA plugin with multiple actions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################## | |
| # | |
| # Name: hello_world_plugin.py | |
| # Auth: @cmatthewbrooks | |
| # Desc: A test plugin to learn how to make these work; Specifically, how to | |
| # have multiple actions within the same plugin. | |
| # | |
| # In plain English, IDA will look for the PLUGIN_ENTRY function which | |
| # should return a plugin object. This object can contain all the | |
| # functionality itself, or it can have multiple actions. |