Hexacorn Ltd

An Elf walks into the bar…

By: adam
11 May 2023 at 22:29
Windows 11’s advapi32.dll includes interesting export functions: ElfBackupEventLogFileA, ElfBackupEventLogFileW, ElfChangeNotify, ElfClearEventLogFileA, ElfClearEventLogFileW, ElfCloseEventLog, ElfDeregisterEventSource, ElfFlushEventLog, ElfNumberOfRecords, ElfOldestRecord, ElfOpenBackupEventLogA, ElfOpenBackupEventLogW, ElfOpenEventLogA, ElfOpenEventLogW, ElfReadEventLogA, ElfReadEventLogW, ElfRegisterEventSourceA, ElfRegisterEventSourceW, ElfReportEventA, ElfReportEventAndSourceW, ElfReportEventW. And I […]

Yara rules pageant

By: adam
21 January 2023 at 00:12
A few days ago I posted a very specific question on Twitter and Mastodon: You’ve got a gazillion random yara rules stored inside many random .yar files scattered around many […]

Excelling at Excel, Part 2

By: adam
8 January 2023 at 00:01
Today I will talk about automated query-building using Excel. Working as a detection engineering and/or threat hunting specialist we often need to create a lot of queries including a lot […]

Excelling at Excel, Part 1

By: adam
7 January 2023 at 00:18
In my old article I demonstrated an atypical approach one may take to browse through similar-looking security artifacts while analyzing a gazillion similar-looking URLs in Excel. I […]

How to be a good quitter?

By: adam
15 December 2022 at 00:12
It is now. It is happening. You have finally submitted your resignation letter and you are leaving the company. Your accounts will be closed, and access to all company systems […]

The Future of SOC

By: adam
8 December 2022 at 23:32
Over the last few years we moved away from a SOC that used to be almost solely focused on Network and Windows events and artifacts (probably a strong fintech bias here) […]

Environment… is variable

By: adam
2 December 2022 at 23:15
I love environmental variables. They are often post-worthy, and sometimes they are just simply cool. Yet, many are still not known. Many are still not described. Looking for ‘easy’ research […]