Signatures file 0.1 pre
* Information on signature generation: siggen
The structure is pretty simple. There are two lines for each signature:
* The first line is the hex signature of what we are looking for: strings, data, etc.
* The second line is the description.
So if the string 0A0B0C0D0E0F is found in /proc/kcore, krd will display:
FOUND: first rare hex
Here is a snippet of the current signatures file:
# SIGNATURE FILES
# FOR KRD - USE \nHEX\ndescription\n
# *NEVER* ever put what the hex means if it's a string - this would trigger
# krd to detect it on the next execution!
0A0B0C0D0E0F
first rare hex
0A1B0C0D1E0F
second rare hex
0A0B0C55440F
third rare hex
2E2F736B
did someone try to execute sk?
656C697465
something leet has been found.
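
The following is an added example, not krd's own code: a minimal Python parser for the two-line format above, a scan over a byte buffer, and a check for the self-detection problem the file's comment warns about. It assumes that lines starting with # are comments and that the warning means the decoded bytes of a signature must not appear anywhere in the file's own text; the function names, SAMPLE and the test buffer are constructed for illustration.

```python
# Constructed sample in the page's format: '#' comments, then HEX / description pairs.
SAMPLE = """\
# SIGNATURE FILES
0A0B0C0D0E0F
first rare hex
2E2F736B
did someone try to execute sk?
656C697465
something leet has been found.
"""

def parse_signatures(text):
    """Return [(pattern_bytes, description)] from HEX/description line pairs."""
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    if len(lines) % 2:
        raise ValueError("signature without a description line")
    sigs = []
    for hex_line, desc in zip(lines[0::2], lines[1::2]):
        try:
            pattern = bytes.fromhex(hex_line)
        except ValueError:
            raise ValueError(f"not a hex signature: {hex_line!r}")
        sigs.append((pattern, desc))
    return sigs

def scan(data, sigs):
    """Return (offset, description) for every occurrence of every signature."""
    hits = []
    for pattern, desc in sigs:
        pos = data.find(pattern)
        while pos != -1:
            hits.append((pos, desc))
            pos = data.find(pattern, pos + 1)
    return sorted(hits)

def self_matching(text, sigs):
    """Descriptions of signatures whose raw bytes occur in the file text itself.

    Assumption: once the file is read, its text sits in memory, so a plaintext
    copy of a signature (in a comment or description) would be found by a scan.
    """
    raw = text.encode("latin-1")
    return [desc for pattern, desc in sigs if pattern in raw]
```

Running self_matching over a signatures file before deploying it catches entries whose comment or description spells out the decoded string.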