
Lolbin Wow Ltd x 2

I have already covered cases where I abused the WINDIR environment variable to LOLBINize some WoW executables. I thought I covered w32tm.exe before, but looking at my blog history I can’t find any reference to it. So, here it is:

2 little secrets of ScriptRunner.exe

ScriptRunner.exe is a known lolbin, but the Lolbas project doesn’t cover all of this program’s features. Timeout It can execute child processes and kill them after a certain timeout f.ex.: ScriptRunner.exe -appvscript cmd.exe -appvscriptrunnerparameters -timeout=5 Multiple invocations It can execute … Continue reading →

1 little known secret of fondue.exe

Same as in the previous case, we can copy the main executable fondue.exe to a different folder f.ex. c:\test and start it from there, loading the c:\test\appwiz.cpl we control in the process.

Bitmap Hunting in SPL

One of the most annoying hunting exercises is detecting a sequence of failures followed by a success. Brute-force attacks, dictionary attacks, and finally password spray attacks have all this in common: lots of failures, sometimes followed by a success. The … Continue reading →

Proof of life…

‘Blade Runner’ – the cult classic movie – teaches us that the (non-)human traits/behaviors can be detected with a so-called Voight-Kampff test. This post is about discussing (not designing yet) a similar test for our threat hunting purposes… The key … Continue reading →