karanlyons / ZoomDaemon.yara
Last active August 5, 2024 23:37
Fixes for Zoom, RingCentral, Zhumu (and additional white labels) RCE vulnerabilities
private rule Macho
{
    meta:
        description = "private rule to match Mach-O binaries (copied from Apple's XProtect)"
    condition:
        uint32(0) == 0xfeedface or
        uint32(0) == 0xcefaedfe or
        uint32(0) == 0xfeedfacf or
        uint32(0) == 0xcffaedfe or
        uint32(0) == 0xcafebabe or
        uint32(0) == 0xbebafeca
}
rule ZoomDaemon
{