Hexacorn Ltd

Dealing with alert fatigue, Part 1

By: adam
Gazillion tickets, gazillion emails a day. The business as usual for most SOCs… It actually doesn't matter how we got here (although I will cover some bits later on) – […]

Inserting data into other processes' address space, part 1a

By: adam
I never thought I would write the part 1a of my old post, but here it is. As usual, I have not explored the below topic in-depth, but have certainly […]

Adobe: JSX and JSXBIN files

By: adam
I wrote about older Adobe scripting before. I recently discovered that Adobe products support scripting using the so-called ExtendScript language, with code being stored either in a source-level JSX file, or […]

What to know, what to learn? What are useful skills for cyber in 2022?

By: adam
~12 years ago I felt I was on top of the (blue side of cyber) world. I knew Windows forensics pretty well, Linux forensics far less, but with some […]

Password as a (Yara) Service

By: adam
In a recent Twitter exchange with Tim I mentioned my earlier post in which I described the practice of crypto code copy-pasting as being quite prevalent. Such a practice is problematic of […]

Week of Data Dumps, Part 7 – registry

By: adam
This one is not a surprise, I hope. Most forensic artifacts come from either file- or Registry-oriented sources. Of course, there is a macOS & OS X world out there, there […]

Week of Data Dumps, Part 6 – file names

By: adam
This week is longer than I thought, so time to catch up… 🙂 This one is a mess, but sometimes a bit of a mess is not a bad thing. […]

Week of Data Dumps, Part 5 – commands

By: adam
Writing your own sandbox has many advantages – the most important is the ability to collect data that only large companies have. Analysing many samples gives us a unique insight into […]

Week of Data Dumps, Part 4 – games-related strings

By: adam
This series got a bit delayed, because I got sick last week. — This is a bit counter-intuitive – why would you want to collect strings related to games? First, […]

Week of Data Dumps, Part 3 – service names

By: adam
Knowing which service name is which is quite useful. The attached list covers many, primarily native OS and security product-related, services that I have aggregated by looking at native services […]

The curse of being ‘technical’

By: adam
You are either technical, or you are not. What does that mean? Many have tried to answer that borderline philosophical question, but as far as I know no one has really […]

Week of Data Dumps, Part 2 – GUIDs

By: adam
There was a time when, knowing the GUIDs of adware/spyware, you could instantly attribute a sample to a known rogue company or group. Of course, these days are long gone, but […]

Week of Data Dumps, Part 1 – device names

By: adam
Reversing is not only hours spent analyzing code. It's also about collecting interesting data so that it can be used to quickly determine other programs' functionality in the future. Recognizing […]

Shall we say… Good bye, phishing queue?

By: adam
Imagine you stop processing your phishing reports today. Just stop. What is the worst thing that could happen? Hmm? Of course, some people will still get phished, some […]

DriverPack – Clean PDB paths

By: adam
Unique PDB debug paths embedded inside malware are useful for detecting other variants of the malicious family (not applicable to more advanced malware families, where authors either wipe the paths […]

Da Li'L World of DLL Exports and Entry Points, Part 5

By: adam
The previous parts of this series were done ‘manually’. I would come across some new type of DLL and would jot down its properties so I would have a point […]

This post mentions many file extensions

By: adam
What are the Windows file extensions of interest? Is there a single superset of all possible file extensions that are of interest from a security perspective? I tried to answer […]

A few more protocol handlers :)

By: adam
Ug_0Security asked, and I am answering 🙂 Not all of them are just from Win11, but it's just a quick diff between what I saw back in 2018 and one […]

Not installing the installers, part 3

By: adam
With file handlers being yet again a topic du jour, it was only natural to try answering a question — how many file protocols are really out there? I tried […]