Signatures file 0.1 pre

* Information on signature generation: siggen

Here is a snippet of the current signatures file:

The structure is pretty simple. There are two lines for each signature.

* The first line is the hex signature of what we are looking for: strings, data, etc.

* The second line is the description.

So if the byte sequence 0A0B0C0D0E0F (hex) is found in /proc/kcore, krd will display:

FOUND: first rare hex

# SIGNATURE FILES
# FOR KRD - USE \nHEX\ndescription\n
# *NEVER* ever put what the hex means if its a string - this would trigger
# krd to detect it on the next execution!

0A0B0C0D0E0F
first rare hex

0A1B0C0D1E0F
second rare hex

0A0B0C55440F
third rare hex

2E2F736B
did someone try to execute sk?

656C697465
something leet has been found.
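The two-line format and the warning in the file header can be checked mechanically. The following is an added example, not krd's own code: it parses the format, scans a buffer, and lints a signatures file for descriptions that contain the decoded signature. The function names, the handling of blank and `#` lines, and the sample data are assumptions made for illustration.

```python
# Added illustration; not krd source. Function names are hypothetical.
# Constructed sample in the two-line format (hex line, then description line).
SAMPLE = """\
# comment
0A0B0C0D0E0F
first rare hex

656C697465
something leet has been found.
"""


def parse_signatures(text):
    """Return [(pattern_bytes, description)].
    Assumption: blank lines and '#' lines before a hex line are skipped."""
    sigs, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if pending is None:
            if not line or line.startswith("#"):
                continue
            pending = bytes.fromhex(line)  # ValueError if the line is not hex
        elif line:
            sigs.append((pending, line))
            pending = None
    if pending is not None:
        raise ValueError("hex signature without a description line")
    return sigs


def scan(buf, sigs):
    """Report every signature whose bytes occur in buf, in krd's output style."""
    return [f"FOUND: {desc}" for pat, desc in sigs if pat in buf]


def self_matches(text):
    """Hits produced by scanning the signatures file's own text.
    A non-empty result means a description leaks the decoded signature."""
    return scan(text.encode("utf-8"), parse_signatures(text))


if __name__ == "__main__":
    sigs = parse_signatures(SAMPLE)
    memory = b"\x00" * 16 + bytes.fromhex("0A0B0C0D0E0F") + b"\x00" * 16  # constructed
    print(scan(memory, sigs))
    print(self_matches(SAMPLE))  # clean file: no self-hit
    bad = SAMPLE.replace("something leet has been found.", "the string elite")
    print(self_matches(bad))     # description leaks the decoded string
```

Running `self_matches` over a signatures file before deploying it catches the false positive the header comment warns about.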

krd/signatures.txt · Last modified: 2010/04/15 21:18 (external edit)