unSafe.sh - Unsafe
1 little known secret of fondue.exe
Same as in the previous case, we can copy the main executable fondue.exe to a different fol...
2024-1-6 09:29:25 | Reads: 20
Hexacorn - www.hexacorn.com
cpl
fondue
appwiz
(Not) Mapping Firefox extension IDs to their names
I have mapped an extensive list of Chrome Plug-in IDs to their names before. Of course, I k...
2024-1-6 07:36:45 | Reads: 13
Hexacorn - www.hexacorn.com
ons
python
yup
localized
typos
Bitmap Hunting in SPL
One of the most annoying hunting exercises is detecting a sequence of failures followed by a suc...
2024-1-2 01:23:21 | Reads: 11
Hexacorn - www.hexacorn.com
username
sys01
makeresults
allstatuses
doe
1 little known secret of hdwwiz.exe
There are a number of .cpl files that can be loaded using their OS-native executable equival...
2024-1-1 21:21:53 | Reads: 21
Hexacorn - www.hexacorn.com
hdwwiz
cpl
malicious
loaded
equivalents
1 little known secret of forfiles.exe
The forfiles.exe program is a well-known lolbin. Its power comes from the /c command line a...
2023-12-31 18:21:41 | Reads: 22
Hexacorn - www.hexacorn.com
forfiles
malicious
lolbin
enumerates
enumerated
1 little known secret of ieUnatt.exe on win11
The program has been changed since win10 and it now loads wdscore.dll almost immediately af...
2023-12-31 00:1:46 | Reads: 13
Hexacorn - www.hexacorn.com
wdscore
identical
loadlibrary
zeroes
1 little known secret of fsquirt.exe
The program in the title of this post is not very well-known. It’s being used for some rand...
2023-12-30 05:57:39 | Reads: 17
Hexacorn - www.hexacorn.com
fsquirt
windows
microsoft
sendto
roaming
1 little known secret of regsvr32.exe, take three
In the past I wrote a few times about the side-effect of having 2 binaries named the same way an...
2023-12-29 07:14:48 | Reads: 16
Hexacorn - www.hexacorn.com
regsvr32
windows
ocx
hhctrl
syswow64
1 little known secret of regsvr32.exe, take two
There is an archaic feature that regsvr32.exe leverages to autoregister libraries associate...
2023-12-27 08:9:35 | Reads: 14
Hexacorn - www.hexacorn.com
txtfile
library
regsvr32
dllmain
1 little known secret of runonce.exe (32-bit)
When you execute the 32-bit version of runonce.exe on a 64-bit version of Windows and pass to i...
2023-12-26 23:22:47 | Reads: 10
Hexacorn - www.hexacorn.com
iernonce
library
runonce
loaded
1 little known secret of regsvr32.exe
The little known secret of regsvr32.exe is… You ready? You can load multiple DLLs at...
2023-12-26 06:23:50 | Reads: 28
Hexacorn - www.hexacorn.com
hhctrl
ocx
regsvr32
windows
yup
2 less known secrets of Windows command command-driven line tools…
Many Windows tools support commands, f.ex.: reg.exe – QUERY, ADD, DELETE, COPY, SAVE, RE...
2023-12-25 19:15:35 | Reads: 10
Hexacorn - www.hexacorn.com
identical
detections
getkeyname
Copyright banners – re-visited
Over a decade ago I posted some random copyright banner stats from my (relatively small by...
2023-12-19 08:52:9 | Reads: 14
Hexacorn - www.hexacorn.com
banners
xmrig
llc
jean
adler
Custom Install Path & portability issues
If you’ve been reading my blog for a while now you will know that I love to challenge my threat...
2023-12-14 08:8:10 | Reads: 11
Hexacorn - www.hexacorn.com
niauth
instruments
software
labview
ni
Proof of life…
‘Blade Runner’ – the cult classic movie – teaches us that the (non-)human traits/behaviors can b...
2023-12-2 08:6:39 | Reads: 10
Hexacorn - www.hexacorn.com
software
download
telemetry
producing
File System artifacts for known security software
Inspired by Phill Moore’s new project called Ruler, I combed my collection of all old Hijac...
2023-11-26 18:59:37 | Reads: 10
Hexacorn - www.hexacorn.com
phill
hijackthis
ruler
progressive
rebranding
Looking for the randomness in the most non-AI/ML way…
Here’s an old-school file name-based research… it is not game changing, it won’t bring any immed...
2023-11-25 08:27:57 | Reads: 12
Hexacorn - www.hexacorn.com
infixes
5m
icreinstall
regexes
immediate
The world of partially downloaded files…
Anytime you download a file via a browser, instant messenger, or other apps… it is first sa...
2023-11-23 07:23:3 | Reads: 7
Hexacorn - www.hexacorn.com
download
microsoft
instant
messenger
brave
Lolbins for connoisseurs… Part 3
I love exploring unexplored software paths. And not necessarily on the assembly level – and that...
2023-11-16 06:52:24 | Reads: 7
Hexacorn - www.hexacorn.com
software
portablegit
depthai
mingw64
Who am I? Asking for my file friend: whoami.exe…
There is a lot of talk about whoami.exe recently, so here’s one more post about it… When we talk...
2023-11-12 07:28:40 | Reads: 18
Hexacorn - www.hexacorn.com
whoami
windows
winsxs
microsoft