The art of artifact collection and hoarding for the sake of forensic exclusivity… – Part 5
If you follow this series you should know by now that I am obsessing here not about the benefits...
2024-6-15 06:53:57 | Views: 12
Hexacorn - www.hexacorn.com
software
wiki
actionable
adept
PE Section names – re-visited, again
I recently caught up with torrents shared by VirusShare and after merging the new VS sample...
2024-6-9 06:59:53 | Views: 14
Hexacorn - www.hexacorn.com
merging
attributing
660k
download
caught
The art of artifact collection and hoarding for the sake of forensic exclusivity… – Part 4
In my last post I mentioned the outdated PAD files. Let’s have a closer look at them. Before...
2024-6-8 06:51:37 | Views: 8
Hexacorn - www.hexacorn.com
pad
software
download
genai
repository
The art of artifact collection and hoarding for the sake of forensic exclusivity… – Part 3
(this is a very long post, sorry; took weeks to distill it into something that I hope is readabl...
2024-6-6 07:48:54 | Views: 7
Hexacorn - www.hexacorn.com
software
asset
miss
processes
The art of artifact collection and hoarding for the sake of forensic exclusivity… – Part 2
In the first part I had promised that I would demonstrate that the piracy is good! (sometimes)...
2024-5-4 07:29:59 | Views: 9
Hexacorn - www.hexacorn.com
software
processes
scrap
landing
windows
The art of artifact collection and hoarding for the sake of forensic exclusivity…
This post is going to blow your mind – I am going to demonstrate that the piracy is good! (somet...
2024-5-2 08:18:27 | Views: 16
Hexacorn - www.hexacorn.com
windows
software
analysis
processes
clusters
A license (metadata) to kill (for)…
Many forensic artifacts can be looked at from many different angles. A few years ago I proposed...
2024-4-27 07:40:21 | Views: 8
Hexacorn - www.hexacorn.com
analysis
artifacts
software
gpl
licensing
Excelling at Excel, Part 4
Excel is the emperor of automation. Not the SOAR type, but the local one – yours. Why? Its...
2024-4-26 07:33:44 | Views: 7
Hexacorn - www.hexacorn.com
ternary
parenthesis
formula
formulas
soar
Shall we say… Good bye, phishing queue? Part 2
[this post is work in progress; it will be updated when the script finishes its processing] I...
2024-4-19 08:32:55 | Views: 18
Hexacorn - www.hexacorn.com
phishing
webmaster
fly
donotreply
noreply
The art of cutting corners
I love ROI-driven solutions and this post is about one of them. My personal cybersecurity consul...
2024-4-6 07:46:43 | Views: 12
Hexacorn - www.hexacorn.com
software
client
roi
analysis
luckily
Subfrida v0.1
As many of you know, I am a big fan of Frida framework and I love its intuitiveness and flexibil...
2024-3-31 08:57:22 | Views: 8
Hexacorn - www.hexacorn.com
idf
ofs
onenter
From Underground to Overground
There are many debates and infosec dramas related to vulnerability research, publishing Off...
2024-3-30 08:5:31 | Views: 15
Hexacorn - www.hexacorn.com
security
ost
era
pocs
Stuffing up the WINDIR env. var. with THE SPACE
I love revisiting the ‘there is nothing else to be found there anymore’ cases and I described th...
2024-3-17 07:40:35 | Views: 20
Hexacorn - www.hexacorn.com
msra
wow
32k
truncation
windows
Lolbin Wow Ltd x 2
I have already covered cases where I abused WINDIR environment variable to LOLBINize some W...
2024-3-17 06:18:38 | Views: 19
Hexacorn - www.hexacorn.com
w32tm
windows
syswow64
payload
sysnative
1 little known secret of explorer.exe
Windows Explorer is a beast. It does so many things when it starts that it hurts… Someti...
2024-3-3 08:33:23 | Views: 30
Hexacorn - www.hexacorn.com
cpl
desk
windows
dodgy
1 little known secret of nslookup.exe
I was recently surprised by the fact that Windows’ nslookup.exe accepts the local config fi...
2024-3-2 07:59:8 | Views: 21
Hexacorn - www.hexacorn.com
nslookuprc
resolves
surprised
windows
nslookup
How to become/continue to be a security researcher?
In my post from 2018 I listed a number of strategies one can use to ‘find interesting stuff...
2024-1-21 08:59:29 | Views: 19
Hexacorn - www.hexacorn.com
windows
regsvr32
ordinal
software
discoveries
2 little secrets of ScriptRunner.exe
ScriptRunner.exe is a known lolbin, but the Lolbas project doesn’t cover all of this progra...
2024-1-14 07:9:46 | Views: 11
Hexacorn - www.hexacorn.com
appvscript
mspaint
lolbas
Adding character(s) to Command Line processing
In my old post about certutil I mentioned that it accepts a number of less-known Unicode ch...
2024-1-13 07:39:35 | Views: 16
Hexacorn - www.hexacorn.com
quotation
interpreted
minus
assumptions
dash
Bitmap hunting in SPL, Part 2
In my previous post I introduced the concept of bitmap hunting. Today I will show another exampl...
2024-1-7 07:46:54 | Views: 10
Hexacorn - www.hexacorn.com
evt
makeresults
allb
clusters
cscript