Matlab persistent lolbin – 2 years too late, but always… May 12, 2023 in Autostart (Persistence), LOL... 2023-5-13 05:35:49 | 阅读: 26 | 收藏 | Hexacorn - www.hexacorn.com matlab library mexw64 lolbins twit

PE Section names – re-visited, again, in 2023 May 11, 2023 in Reversing, Windows 11... 2023-5-12 07:16:10 | 阅读: 24 | 收藏 | Hexacorn - www.hexacorn.com 3109 rdata 00cfg bbt cipolicy

An Elf walks into the bar… May 11, 2023 in Windows 11... 2023-5-12 06:29:20 | 阅读: 16 | 收藏 | Hexacorn - www.hexacorn.com windows advapi32 ndr suggests

Malware – some musings about the meaning of the word… May 5, 2023 in Preaching... 2023-5-6 07:23:12 | 阅读: 19 | 收藏 | Hexacorn - www.hexacorn.com software malicious harm cia undesirable

Threat Hunting – architecture issues… May 4, 2023 in ARM, threat hunting... 2023-5-5 07:23:19 | 阅读: 22 | 收藏 | Hexacorn - www.hexacorn.com windows yup gonna kinda software

Using Detect It Easy to… detect it easy I love Detect It Easy. It’s my go-to tool when it comes to triaging malicious samples an... 2023-4-22 07:49:48 | 阅读: 29 | 收藏 | Hexacorn - www.hexacorn.com upx upxed analysis memory reversing

The words that go adapataadadapata April 20, 2023 in Silly... 2023-4-21 06:46:15 | 阅读: 20 | 收藏 | Hexacorn - www.hexacorn.com letter shocked longest combing

Beyond good ol’ Run key, Part 142 April 14, 2023 in Autostart (Persistence)... 2023-4-15 05:47:41 | 阅读: 23 | 收藏 | Hexacorn - www.hexacorn.com obs liking learnt heard tinkering

The words that go (.)[a-z]\1[a-z]\1[a-z]\1[a-z]\1[a-z]\1 April 1, 2023 in Silly... 2023-4-2 06:56:2 | 阅读: 21 | 收藏 | Hexacorn - www.hexacorn.com stupid silly amongst letters dad

Converting questionable questions into unquestionable opportunities… Social media are full of questions that are formulated in a passive, passive-aggressive,... 2023-3-29 06:14:5 | 阅读: 16 | 收藏 | Hexacorn - www.hexacorn.com degree reversing promote security

List of clean mutexes and mutants A few years ago I released a list of ‘bad’ mutexes/mutants. That list was generated from... 2023-3-12 08:3:36 | 阅读: 31 | 收藏 | Hexacorn - www.hexacorn.com windows dllwindows syswow64 mutex exewindows

Threat Hunting – localization issues March 10, 2023 in threat hunting... 2023-3-11 07:47:21 | 阅读: 29 | 收藏 | Hexacorn - www.hexacorn.com l10n acronyms suddenly i18n t9n

Beyond good ol’ Run key, Part 141 February 25, 2023 in Autostart (Persistence)... 2023-2-26 07:55:35 | 阅读: 24 | 收藏 | Hexacorn - www.hexacorn.com microsoft shadowpad combos mastodon packard

Excelling at Excel, Part 3 One of the most common use cases we come across during our malware analysis exercises is... 2023-1-22 08:56:23 | 阅读: 35 | 收藏 | Hexacorn - www.hexacorn.com vlookup isna sample3 filled formula

Yara rules pageant A few days ago I posted a very specific question on Twitter and Mastodon:You’ve got... 2023-1-21 08:12:5 | 阅读: 27 | 收藏 | Hexacorn - www.hexacorn.com github mega yarac gist duplicates

Decrypting SHell Compiled (SHC) ELF files January 13, 2023 in elf, linux, shc... 2023-1-14 07:37:28 | 阅读: 90 | 收藏 | Hexacorn - www.hexacorn.com shc f8 realized decrypted 0x400fdd

Excelling at Excel, Part 2 Today I will talk about automated query-building using Excel. Working as a detection... 2023-1-8 08:1:1 | 阅读: 22 | 收藏 | Hexacorn - www.hexacorn.com formula processes avoiding formulas

Excelling at Excel, Part 1 In my old article I have demonstrated an atypical approach one may take to browse throug... 2023-1-7 08:18:24 | 阅读: 33 | 收藏 | Hexacorn - www.hexacorn.com formulas b1 formatting security dates

Putting ELF on the shelf… In my last post I referred to something what I call “putting elf on the shelf”. The idea... 2023-1-3 08:20:48 | 阅读: 42 | 收藏 | Hexacorn - www.hexacorn.com xdbg windows roi stage reversing

A bunch of OLD-School RCE tricks… January 1, 2023 in Productivity, Reversing... 2023-1-1 08:44:53 | 阅读: 66 | 收藏 | Hexacorn - www.hexacorn.com memory debugger xdbg analysis windows