unSafe.sh - Unsafe
Playing CAPAeira with Yara rules
April 20, 2021 in Yara sigs...
2021-04-21 06:46:39 | Views: 170
www.hexacorn.com
capa
cr
fm
machine
sigs
Yara & maldoc pics
April 7, 2021 in Yara sigs...
2021-04-08 07:06:06 | Views: 163
www.hexacorn.com
spot
sig
malicious
sigs
6a
ELF sections stats
March 13, 2021 in Clustering, linux...
2021-03-14 08:02:01 | Views: 249
www.hexacorn.com
ksymtab
mode2
gpl
eh
rodata
Beyond good ol’ Run key, Part 133
March 5, 2021 in Anti-Forensics, Autostart (...
2021-03-06 08:18:20 | Views: 260
www.hexacorn.com
software
javasoft
launch4j
development
malicious
Event ID 7039 – out…pid a pid
February 26, 2021 in Compromise Detection, S...
2021-02-27 04:18:16 | Views: 210
www.hexacorn.com
sysmon
scm
processes
badly
liberty
Beyond good ol’ Run key, Part 132
February 24, 2021 in Anti-Forensics, Autosta...
2021-02-25 08:19:41 | Views: 214
www.hexacorn.com
specifies
loaded
autostart
poor
documenting
DownLOLoloaders
February 19, 2021 in Anti-For...
2021-02-19 09:00:17 | Views: 208
www.hexacorn.com
attractive
download
retrieved
combing
handy
Yet another secret of hosts file
February 18, 2021 in Anti-*, Anti-Forensics,...
2021-02-19 08:41:52 | Views: 241
www.hexacorn.com
windows
unicode16
dnsrslvr
hostss
Misre-presentation host
February 8, 2021 in Living off the land, LOL...
2021-02-09 08:34:12 | Views: 220
www.hexacorn.com
iexplore
clickonce
Beyond good ol’ Run key, Part 131
February 6, 2021 in Anti-Forensics, Autostar...
2021-02-07 06:44:08 | Views: 250
www.hexacorn.com
microsoft
software
editorhklm
mhtml
editorhkcu
Desperate downloader lolbin
February 5, 2021 in LOLBins...
2021-02-06 08:41:33 | Views: 262
www.hexacorn.com
msoxmled
verb
inetcache
proxy
download
Mitre Domin&trix
February 3, 2021 in Mitre At...
2021-02-04 07:56:07 | Views: 340
www.hexacorn.com
domin
trix
forth
utopian
promoted
Recoll – a perfect tool for Threat Intelligence Analysts and other Report Readers
February 1, 2021 in Productivity...
2021-02-02 04:10:08 | Views: 234
www.hexacorn.com
caught
docfetcher
searchable
hoarder
tones
aMus(ing)Notification
January 3, 2021 in Archaeology, LOLBins, Und...
2021-01-04 08:31:56 | Views: 251
www.hexacorn.com
dialog
invocations
toast
handle..ing SHAllocShared
December 25, 2020 in Code Injection...
2020-12-26 08:53:14 | Views: 275
www.hexacorn.com
memory
shlwapi
relies
Beyond Fear
December 22, 2020 in Preaching...
2020-12-22 09:50:25 | Views: 272
www.hexacorn.com
fear
programmers
genius
Propagate, Ribbonate
December 22, 2020 in Anti-Forensics, Code In...
2020-12-22 09:09:18 | Views: 297
www.hexacorn.com
hwnd
windows
analysis
injection
FaaS for noobs
This is the first version of this article. Due to nuances, and things I forgot while wri...
2020-12-06 09:53:07 | Views: 281
www.hexacorn.com
faas
ec2
python
regions
spot
csrss.exe and its manifests
This is yet another odd behavior I spotted using Procmon. I was curious what .manifest f...
2020-12-06 08:23:39 | Views: 280
www.hexacorn.com
windows
microsoft
manifestc
mui
syswow64
TestHooks, take 2
December 2, 2020 in Archaeology...
2020-12-03 08:20:43 | Views: 353
www.hexacorn.com
windows
microsoft
software
testhook
0gtweet