Lolbins for connoisseurs…

We are all quite fixated on the purity of lolbins. Best if it is a hidden/undocumented/unexpected behavior of a native OS binary that can be abused for some nefarious purposes. I, obviously, love these the most, too. However… Living Off … Continue reading

The secret of 961c151d2e87f2686a955a9be24d316f1362bf21

I recently came across a malware sample that included the following, mysterious string: There are a few versions of this string out there (extracted from a few malware samples downloaded in 2023): 961c151d2e87f2686a955a9be24d316f1362bf21 2.1.1 961c151d2e87f2686a955a9be24d316f1362bf21 3.5.0 961c151d2e87f2686a955a9be24d316f1362bf21 3.6.1 961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1 … Continue reading

Dexray v2.33

Even in 2023 Dexray seems to be delivering value to DFIR practitioners. I am always very humbled by unsolicited additions to Dexray code, because it means the tool is still alive, despite the fact it was written in archaic (by … Continue reading

What Champagne to drink?

Reading articles about criminals enjoying (I really hope they are not just flexing) drinking the emperor of all Champagnes aka Dom Pérignon, makes me feel that they are potentially missing out on so many opportunities! Not only Dom Pérignon is … Continue reading

Email domains AD 2023

Back in the day (90s/2000s), if you wanted an email, there were lots of (free) email providers available. With a minimum of effort one could sign up to as many free email services available at that time as possible. No … Continue reading