Sneed-Reactivity/yara-mikesxrs/crowdstrike/CVE_2014_4113.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

15 lines
No EOL
404 B
Text

rule CrowdStrike_CVE_2014_4113 {
meta:
copyright = "CrowdStrike, Inc"
description = "CVE-2014-4113 Microsoft Windows x64 Local Privilege Escalation Exploit"
version = "1.0"
last_modified = "2014-10-14"
in_the_wild = true
strings:
$const1 = { fb ff ff ff }
$const2 = { 0b 00 00 00 01 00 00 00 }
$const3 = { 25 00 00 00 01 00 00 00 }
$const4 = { 8b 00 00 00 01 00 00 00 }
condition:
all of them
}