PoC Exploits for YARA 3.7.1 & 3.8.1
yarasm-syntax
.gitignore
README.md
assembler.py
build.py
example.gif
example2.gif
extracheese.rule
extracheese.yarasm
gadgets.md
op_offset_poc.rule
op_offset_poc.yarasm
requirements.txt
swisscheese.rule
swisscheese.yarasm
yara.bt
yara_hash.py
yara_types.py

README.md

PoC YARA Exploits

  • 3.7.1 32-bit using CVE-2018-12034 and CVE-2018-12035 (write-up).
  • 3.8.1 32-bit using CVE-2018-19974, CVE-2018-19975 and CVE-2018-19976 (write-up).

YARASM Syntax Highlighting for VSCode

Install by copying the yarasm-syntax folder to %USERPROFILE%\.vscode\extensions\

Usage

usage: build.py [-h] [-y YARA_ASM] [-v {3.8.1,3.7.1}] [-o OUTPUT]

optional arguments:
  -h, --help            show this help message and exit
  -y YARA_ASM, --yara-asm YARA_ASM
                        yara asm file, defaults to "extracheese.yarasm"
  -v {3.8.1,3.7.1}, --target-version {3.8.1,3.7.1}
                        yara version
  -o OUTPUT, --output OUTPUT
                        defaults to "extracheese.rule"