Sneed-Reactivity/yara-mikesxrs/AirBnB/hacktool_macos_n0fate_chainbreaker.yara


// Flags content that carries three fixed message strings attributed to the
// chainbreaker Keychain extraction tool (see `reference` below).
//
// Triage notes:
//   - The rule is purely string-based: it has no file-type, magic-byte or
//     filesize condition, so any scanned data containing all three strings
//     matches. That includes plain-text copies of the tool's source and this
//     rule file itself when it is scanned in uncompiled form.
//   - A hit shows that the strings are present, not that credentials were
//     extracted. The description presents the tool as a forensic utility, so
//     correlate a match with host, user and execution context before treating
//     it as malicious.
//   - The strings carry no `nocase` modifier, so matching is case-sensitive
//     and byte-exact. A copy with edited messages will not match.
rule hacktool_macos_n0fate_chainbreaker
{
meta:
description = "chainbreaker can extract user credential in a Keychain file with Master Key or user password in forensically sound manner."
reference = "https://github.com/n0fate/chainbreaker"
author = "@mimeframe"
strings:
// Presumably status/error messages printed by the tool; verify against the
// referenced repository. `wide ascii` searches for each string both as plain
// ASCII and as UTF-16LE (two bytes per character).
$a1 = "[!] Private Key Table is not available" wide ascii
$a2 = "[!] Public Key Table is not available" wide ascii
$a3 = "[-] Decrypted Private Key" wide ascii
condition:
// All three strings must be present; one or two alone do not fire the rule.
all of ($a*)
}