unSafe.sh - Not Safe
Being a tool while using a tool
This case is kinda DFIR-fascinating. There is an unwritten rule in the DFIR world that says –...
2025-1-25 01:22:29 | Views: 8
Hexacorn - www.hexacorn.com
7z
pluginsdir
analysis
nsi
huh
Smuggling payloads and tools in, using WIM images, Part 2
In this post we explore the dism.exe and WIM images a bit more. It turns out that WIM files...
2025-1-1 00:9:30 | Views: 4
Hexacorn - www.hexacorn.com
wim
newtest
lowpart
highpart
dism
Clean hash set – 12M rows
The file contains 12M+ of rows, each containing a set of popular hashes, and a file name ex...
2024-12-31 18:31:56 | Views: 2
Hexacorn - www.hexacorn.com
software
watermarked
firmwares
unlimited
dome
Smuggling payloads and tools in, using WIM images
We often hear of attackers bringing in their payloads via virtual drive images (f.ex. vhd,vhdx)...
2024-12-31 00:20:44 | Views: 5
Hexacorn - www.hexacorn.com
wim
mounted
lowpart
totalbytes
highpart
WIMMOUNTDATA ADS
In my old post I listed a number of ‘good Alternate Data Streams (ADS)’, and one of them wa...
2024-12-28 23:32:9 | Views: 0
Hexacorn - www.hexacorn.com
dism
wim
imagefile
3908
MoNotificationUxStub.exe lolbin
When you run MoNotificationUxStub.exe on Windows Server 2025, it will try to load the follo...
2024-12-27 00:16:22 | Views: 7
Hexacorn - www.hexacorn.com
windows
library
uus
umpdc
MLEngineStub.exe lolbin
When you run MLEngineStub.exe on Windows 2025, it will try to locate the following non-exis...
2024-12-27 00:7:47 | Views: 6
Hexacorn - www.hexacorn.com
windows
uus
mlengine
caveat
la57setup.exe & OOBEFodSetup.exe lolbin
When you run la57setup.exe or OOBEFodSetup.exe on Windows Server 2025, they will try to loa...
2024-12-26 23:44:11 | Views: 3
Hexacorn - www.hexacorn.com
windows
library
dism
la57setup
3 little secrets of netsh.exe
It is typical for many of us to discover ‘the cool thing’, and then quickly move on to research...
2024-12-25 23:15:42 | Views: 2
Hexacorn - www.hexacorn.com
netsh
scriptfile
aliasfile
lolbin
careful
Windows Server 2025 and MsMpEng.exe
2024-12-22 00:37:54 | Views: 12
Hexacorn - www.hexacorn.com
windows
defender
repeat
waaaay
Beyond good ol’ Run key, Part 146
I did consider writing about: C:\Windows\System32\WptsExtensions.dll but this phantom...
2024-12-20 13:17:9 | Views: 5
Hexacorn - www.hexacorn.com
windows
phantom
loaded
Beyond good ol’ Run key, Part 145
Windows Server 2022 launches ctfmon.exe during its start and this process’ DLL dependencies...
2024-12-20 00:46:42 | Views: 4
Hexacorn - www.hexacorn.com
windows
launches
ctfmon
phantom
library
Windows Server 2022 and MsMpEng.exe
Running Procmon in a boot mode is a very powerful research tool. In this short post I want...
2024-12-20 00:28:1 | Views: 12
Hexacorn - www.hexacorn.com
defender
procmon
windows
clearly
surprised
dns.exe and its quirks
This is not a proper research yet. I just happened to stumble upon an interesting artifact...
2024-12-15 00:21:35 | Views: 6
Hexacorn - www.hexacorn.com
windows
backup
rfc5011
dnssec
artifact
Promoting a Windows 2022 server to Domain Controller and DNS Server
I asked myself what tangible artifacts present on a file system can immediately tell us tha...
2024-12-11 07:44:34 | Views: 6
Hexacorn - www.hexacorn.com
experiment
windows
slightly
edited
myself
Not installing the installers, part 4
This old series is not very exciting. Decompiling goodware installation scripts will never...
2024-12-7 08:32:10 | Views: 7
Hexacorn - www.hexacorn.com
installers
ratio
rtools44
rtools43
ifcexporter
ExecCmd64 lolbin
If you have ASRock Polychrome RGB installed on your system you may find this interesting ex...
2024-12-7 07:1:13 | Views: 7
Hexacorn - www.hexacorn.com
asrock
execcmd64
aproduct
polychrome
asrrgbled
1 little known secret of ShellExec_RunDLL
The ShellExec_RunDLL API is now exposed by both shell32.dll and windows.storage.dll. It...
2024-11-30 18:40:12 | Views: 11
Hexacorn - www.hexacorn.com
rundll
shellexec
windows
shell32
fmask
Mapping the API mapping/code redundancy
In my last post I have shown that some of the shell32.dll functions are now mapped to windo...
2024-11-30 03:23:33 | Views: 8
Hexacorn - www.hexacorn.com
windows
kernelbase
gdi32full
edgehtml
overlapping
Windows.Storage.lol
This is a bit surprising, but the recent versions of windows.storage.dll export a number of...
2024-11-29 06:28:1 | Views: 4
Hexacorn - www.hexacorn.com
windows
shell32
rundll32
rundll
shellexec