// Matches content that contains all three names the description associates
// with the EPATHOBJ exploit's developers.
//
// Matching notes:
//   - No modifier other than `fullword` is given, so each string is matched as
//     case-sensitive ASCII; UTF-16 ("wide") copies of the names do not match.
//   - "cmpxchg8b" is also an x86 instruction mnemonic and can appear in
//     assembly listings or disassembler output. Requiring all three strings
//     keeps that single string from triggering the rule.
//   - The condition has no file-type or size constraint, so source code,
//     write-ups and mail archives that quote the names match as well as binaries.
//   - `score` is a plain meta value; YARA does not evaluate it. Presumably the
//     consuming scanner uses it for triage weighting; confirm with that tool.
rule Windows_0day_Exploit_Developers_1
{
    meta:
        description = "Windows 0day EPATHOBJ local ring0 Exploit - Developer Names"
        score = 60

    strings:
        $name_taviso       = "taviso" fullword
        $name_cmpxchg8b    = "cmpxchg8b" fullword
        $name_programmeboy = "programmeboy" fullword

    condition:
        $name_taviso and $name_cmpxchg8b and $name_programmeboy
}

// Matches content that contains all five GDI-related identifiers below.
//
// Matching notes:
//   - FlattenPath, EndPath and PolyDraw are GDI function names, and a program
//     that uses GDI paths can legitimately reference all three. The type-like
//     names carry most of the specificity.
//   - NOTE(review): PATHRECORD and HRGN look like type names rather than
//     imported symbols, so they would presumably appear only in source text or
//     in builds that keep symbol/debug data. A stripped binary may not match;
//     confirm against the sample set.
//   - Strings are case-sensitive ASCII with `fullword`; there is no `wide`
//     variant and no file-type or size constraint in the condition.
rule Windows_0day_Exploit_1
{
    meta:
        description = "Windows 0day EPATHOBJ local ring0 Exploit"
        score = 70

    strings:
        $type_pathrecord = "PATHRECORD" fullword
        $type_hrgn       = "HRGN" fullword
        $api_flattenpath = "FlattenPath" fullword
        $api_endpath     = "EndPath" fullword
        $api_polydraw    = "PolyDraw" fullword

    condition:
        all of ($type_*) and all of ($api_*)
}