timb-machine · February 28, 2021 21:28
diff --git a/ciscotools.yara b/ciscotools.yara
 rule ciscotools {
  meta:
    author = "Tim Brown @timb_machine"
    description = "Cisco tools"
  strings:
    $labs = "labs.portcullis.co.uk"
    $portcullislabs = "portcullislabs"
    $CiscoCXSecurity = "CiscoCXSecurity"
    $timb_machine = "timb_machine"
    $pentestmonkey = "pentestmonkey"
    $enum4linux = "enum4linux"
    $linikatz = "linikatz"
    $unixprivesccheck = "unix-privesc-check"
  condition:
    $labs or $portcullislabs or $CiscoCXSecurity or $timb_machine or $pentestmonkey or $enum4linux or $linikatz or $unixprivesccheck
 }
	rule ciscotools {
	meta:
	author = "Tim Brown @timb_machine"
	description = "Cisco tools"
	strings:
	$labs = "labs.portcullis.co.uk"
	$portcullislabs = "portcullislabs"
	$CiscoCXSecurity = "CiscoCXSecurity"
	$timb_machine = "timb_machine"
	$pentestmonkey = "pentestmonkey"
	$enum4linux = "enum4linux"
	$linikatz = "linikatz"
	$unixprivesccheck = "unix-privesc-check"
	condition:
	$labs or $portcullislabs or $CiscoCXSecurity or $timb_machine or $pentestmonkey or $enum4linux or $linikatz or $unixprivesccheck
	}