hexacorn.com

Hexacorn Ltd

Latest posts

Last updated 7 days ago

1 little known secret of advpack.dll, LaunchINFSection

7 days ago

Yes, yet another oldie with a secret… The .inf files are as...

Beyond good ol’ Run key, Part 149

8 days ago

This post is a nothing burger. I didn’t make it work, but...

Beyond good ol’ Run key, Part 148

14 days ago

Analyzing the very same binary (AggregatorHost.exe) that makes the persistence trick described...

Beyond good ol’ Run key, Part 147

14 days ago

I mentioned TestHook at least twice in the past. I actually love...

VMwareResolutionSet.exe VMwareResolutionSet.dll lolbin

about 1 month ago

If you still use VMware, your Windows guest system will benefit from...

wermgr.exe boot offdmpsvc.dll lolbin

about 1 month ago

Similarly as in the previous case, wermgr.exe accepts many command line arguments...

wpr.exe boottrace phantom dll axeonoffhelper.dll lolbin

about 1 month ago

Today I have discovered the PipelineFilterHook Registry entry only to find out...

mscoree.dll, RunDll32ShimW lolbin

about 2 months ago

Executing this function via rundll32.exe leads to loading of mscoreei.dll from one...

shell32.dll, #61

about 2 months ago

The function #61 exported by the shell32.dll uses an internal name RunFileDlg...

Shell32.dll, #44 lolbin

2 months ago

There is a well known shell32.dll lolbas that relies on a function...

Minority (forensic) report aka defending forward w/o hacking back

3 months ago

We love to put a wedge between the detection and response. Many...

Malware Source code string extraction

4 months ago

Every once in a while we put our hands on a source...