Shall we say… Good bye, phishing queue? Part 2 [this post is work in progress; it will be updated when the script finishes its processing]I... 2024-4-19 08:32:55 | 阅读: 18 | 收藏 | Hexacorn - www.hexacorn.com phishing webmaster fly donotreply noreply

The art of cutting corners I love ROI-driven solutions and this post is about one of them. My personal cybersecurity consul... 2024-4-6 07:46:43 | 阅读: 12 | 收藏 | Hexacorn - www.hexacorn.com software client roi analysis luckily

Subfrida v0.1 As many of you know, I am a big fan of Frida framework and I love its intuitiveness and flexibil... 2024-3-31 08:57:22 | 阅读: 8 | 收藏 | Hexacorn - www.hexacorn.com idf ofs onenter

From Underground to Overground There are many debates and infosec dramas related to vulnerability research, publishing Off... 2024-3-30 08:5:31 | 阅读: 15 | 收藏 | Hexacorn - www.hexacorn.com security ost era pocs

Stuffing up the WINDIR env. var. with THE SPACE I love revisiting the ‘there is nothing else to be found there anymore’ cases and I described th... 2024-3-17 07:40:35 | 阅读: 20 | 收藏 | Hexacorn - www.hexacorn.com msra wow 32k truncation windows

Lolbin Wow Ltd x 2 I have already covered cases where I abused WINDIR environment variable to LOLBINize some W... 2024-3-17 06:18:38 | 阅读: 19 | 收藏 | Hexacorn - www.hexacorn.com w32tm windows syswow64 payload sysnative

1 little known secret of explorer.exe Windows Explorer is a beast. It does so many things when it starts that it hurts…Someti... 2024-3-3 08:33:23 | 阅读: 30 | 收藏 | Hexacorn - www.hexacorn.com cpl desk windows dodgy

1 little known secret of nslookup.exe I was recently surprised by the fact that Windows’ nslookup.exe accepts the local config fi... 2024-3-2 07:59:8 | 阅读: 21 | 收藏 | Hexacorn - www.hexacorn.com nslookuprc resolves surprised windows nslookup

How to become/continue to be a security researcher? In my post from 2018 I listed a number of strategies one can use to ‘find interesting stuff... 2024-1-21 08:59:29 | 阅读: 19 | 收藏 | Hexacorn - www.hexacorn.com windows regsvr32 ordinal software discoveries

2 little secrets of ScriptRunner.exe ScriptRunner.exe is a known lolbin, but the Lolbas project doesn’t cover all of this progra... 2024-1-14 07:9:46 | 阅读: 11 | 收藏 | Hexacorn - www.hexacorn.com appvscript mspaint lolbas

Adding character(s) to Command Line processing In my old post about certutil I mentioned that it accepts a number of less-known Unicode ch... 2024-1-13 07:39:35 | 阅读: 16 | 收藏 | Hexacorn - www.hexacorn.com quotation interpreted minus assumptions dash

Bitmap hunting in SPL, Part 2 In my previous post I introduced the concept of bitmap hunting. Today I will show another exampl... 2024-1-7 07:46:54 | 阅读: 10 | 收藏 | Hexacorn - www.hexacorn.com evt makeresults allb clusters cscript

1 little known secret of fondue.exe Same as in the previous case, we can copy the main executable fondue.exe to a different fol... 2024-1-6 09:29:25 | 阅读: 20 | 收藏 | Hexacorn - www.hexacorn.com cpl fondue appwiz

(Not) Mapping Firefox extension IDs to their names I have mapped an extensive list of Chrome Plug-in IDs to their names before. Of course, I k... 2024-1-6 07:36:45 | 阅读: 13 | 收藏 | Hexacorn - www.hexacorn.com ons python yup localized typos

Bitmap Hunting in SPL One of the most annoying hunting exercises is detecting a sequence of failures followed by a suc... 2024-1-2 01:23:21 | 阅读: 11 | 收藏 | Hexacorn - www.hexacorn.com username sys01 makeresults allstatuses doe

1 little known secret of hdwwiz.exe There is a number of .cpl files that can be loaded using their OS-native executable equival... 2024-1-1 21:21:53 | 阅读: 21 | 收藏 | Hexacorn - www.hexacorn.com hdwwiz cpl malicious loaded equivalents

1 little known secret of forfiles.exe The forfiles.exe program is a well-known lolbin. Its power comes from the /c command line a... 2023-12-31 18:21:41 | 阅读: 22 | 收藏 | Hexacorn - www.hexacorn.com forfiles malicious lolbin enumerates enumerated

1 little known secret of ieUnatt.exe on win11 The program has been changed since win10 and it now loads wdscore.dll almost immediately af... 2023-12-31 00:1:46 | 阅读: 13 | 收藏 | Hexacorn - www.hexacorn.com wdscore identical loadlibrary zeroes

1 little known secret of fsquirt.exe The program in the title of this post is not very well-known. It’s being used for some rand... 2023-12-30 05:57:39 | 阅读: 17 | 收藏 | Hexacorn - www.hexacorn.com fsquirt windows microsoft sendto roaming

1 little known secret of regsvr32.exe, take three In the past I wrote a few times about the side-effect of having 2 binaries named the same way an... 2023-12-29 07:14:48 | 阅读: 16 | 收藏 | Hexacorn - www.hexacorn.com regsvr32 windows ocx hhctrl syswow64