Hexacorn Ltd

Hijacking HijackThis

By: adam
20 May 2022 at 21:46
Long before endpoint event logging became a norm it was incredibly difficult to collect information about popular processes, services, paths, CLSIDs, etc. Antivirus companies, and later sandbox companies had tons […]

Infosec Salaries – the myth and the reality

By: adam
21 April 2022 at 23:00
Update 3 If you want to know more about salaries at FAANG and all over the world look at the following resources: Update 2 tl; dr; […]

Dexray v2.32

By: adam
23 January 2022 at 00:07
I was recently contacted by Oskar who had a problem decrypting Defender for Mac Quarantine files. After quick investigations we discovered that the encrypted file doesn’t really conform to any […]

Beyond good ol’ Run key, Part 138

By: adam
23 January 2022 at 00:03
This is a post that should have appeared here at least 10 years ago. There is an enigmatic Registry entry: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Extension\PeerdistDllName=peerdist.dll that I came across many times before. The […]

Yara Carpet Bomber

By: adam
16 January 2022 at 15:50
A lot of people are sharing their Yara creations (look for the #100DaysofYARA tag on Twitter), so I thought I would share a bit too. This is a very unusual way […]

Windows Installation animation

By: adam
16 January 2022 at 10:04
While looking at \Windows\system32\oobe\ files I had a quick check what FirstLogonAnim.exe does and discovered that on top of accepting the following command line arguments: /zdp (for Zero Day Package) […]

Wine tasting, again

By: adam
10 July 2021 at 16:51
In my old post I have listed a number of wine functions that are exported in that environment and are not present in Windows libraries. 5 years later I decided […]

Shopping for LOLbins

By: adam
10 June 2021 at 22:13
In this Twit that I posted a few weeks ago I demoed how to use older versions of Photoshop and Illustrator to execute calculator via their internal scripting engine that […]