Converting questionable questions into unquestionable opportunities… Social media are full of questions that are formulated in a passive, passive-aggressive,... 2023-3-29 06:14:5 | 阅读: 19 | 收藏 | Hexacorn - www.hexacorn.com degree reversing promote security

List of clean mutexes and mutants A few years ago I released a list of ‘bad’ mutexes/mutants. That list was generated from... 2023-3-12 08:3:36 | 阅读: 35 | 收藏 | Hexacorn - www.hexacorn.com windows dllwindows syswow64 mutex exewindows

Threat Hunting – localization issues March 10, 2023 in threat hunting... 2023-3-11 07:47:21 | 阅读: 32 | 收藏 | Hexacorn - www.hexacorn.com l10n acronyms suddenly i18n t9n

Beyond good ol’ Run key, Part 141 February 25, 2023 in Autostart (Persistence)... 2023-2-26 07:55:35 | 阅读: 27 | 收藏 | Hexacorn - www.hexacorn.com microsoft shadowpad combos mastodon packard

Excelling at Excel, Part 3 One of the most common use cases we come across during our malware analysis exercises is... 2023-1-22 08:56:23 | 阅读: 38 | 收藏 | Hexacorn - www.hexacorn.com vlookup isna sample3 filled formula

Yara rules pageant A few days ago I posted a very specific question on Twitter and Mastodon:You’ve got... 2023-1-21 08:12:5 | 阅读: 30 | 收藏 | Hexacorn - www.hexacorn.com github mega yarac gist duplicates

Decrypting SHell Compiled (SHC) ELF files January 13, 2023 in elf, linux, shc... 2023-1-14 07:37:28 | 阅读: 93 | 收藏 | Hexacorn - www.hexacorn.com shc f8 realized decrypted 0x400fdd

Excelling at Excel, Part 2 Today I will talk about automated query-building using Excel. Working as a detection... 2023-1-8 08:1:1 | 阅读: 25 | 收藏 | Hexacorn - www.hexacorn.com formula processes avoiding formulas

Excelling at Excel, Part 1 In my old article I have demonstrated an atypical approach one may take to browse throug... 2023-1-7 08:18:24 | 阅读: 36 | 收藏 | Hexacorn - www.hexacorn.com formulas b1 formatting security dates

Putting ELF on the shelf… In my last post I referred to something what I call “putting elf on the shelf”. The idea... 2023-1-3 08:20:48 | 阅读: 45 | 收藏 | Hexacorn - www.hexacorn.com xdbg windows roi stage reversing

A bunch of OLD-School RCE tricks… January 1, 2023 in Productivity, Reversing... 2023-1-1 08:44:53 | 阅读: 69 | 收藏 | Hexacorn - www.hexacorn.com memory debugger xdbg analysis windows

Beyond good ol’ Run key, Part 140 December 30, 2022 in Autostart (Persistence)... 2022-12-31 07:29:4 | 阅读: 26 | 收藏 | Hexacorn - www.hexacorn.com ol autostart oldie abused

How to be a good quitter? It is now. It is happening. You have finally submitted your resignation letter and y... 2022-12-15 08:12:54 | 阅读: 19 | 收藏 | Hexacorn - www.hexacorn.com employment dates electronic quit rsu

Marrying client-side Windows-based CryptEncrypt and server-side,Linux-based Crypt::OpenSSL::RSA Marrying client-side Windows-based CryptEncrypt and s... 2022-12-10 06:51:12 | 阅读: 24 | 收藏 | Hexacorn - www.hexacorn.com client windows googling crypt

The Future of SOC December 8, 2022 in Incident Response, SOC,... 2022-12-9 07:32:52 | 阅读: 26 | 收藏 | Hexacorn - www.hexacorn.com triage security regulated aas regional

Using make_sc_hash_db.py to create API hashing DBs December 3, 2022 in Malware Analysis... 2022-12-4 06:43:3 | 阅读: 31 | 收藏 | Hexacorn - www.hexacorn.com blown windows hashing analysis python

Environment… is variable December 2, 2022 in Archaeology, Living off... 2022-12-3 07:15:0 | 阅读: 40 | 收藏 | Hexacorn - www.hexacorn.com vc librarypath vscmd spectre

Cracking Zeppelin November 19, 2022 in Factorization, ransomwa... 2022-11-20 07:29:55 | 阅读: 41 | 收藏 | www.hexacorn.com ransomware beat cracking zeppelin unlikely

Beyond good ol’ Run key, Part 139 November 19, 2022 in Autostart (Persistence)... 2022-11-20 06:53:9 | 阅读: 22 | 收藏 | www.hexacorn.com dm diagnostic library clsid curious

Dealing with alert fatigue, Part 2 October 8, 2022 in SOC... 2022-10-9 05:49:42 | 阅读: 32 | 收藏 | www.hexacorn.com fidelity senior junior security analysis