unSafe.sh - Not Safe
How to debug Windows service processes in the most old-school possible way…
Debugging Service Processes on Windows is a bit tricky – the old IFO / Debugger trick doesn’t wo...
2024-11-23 18:28:53 | Reads: 2 | Hexacorn - www.hexacorn.com
debugger
svc
eb
runaway
AdobeFips – Adobe Reader Lolbin
Sometimes ‘research’ means browsing the folders of the ‘installed ‘target’ and… just execut...
2024-11-17 02:12:32 | Reads: 4 | Hexacorn - www.hexacorn.com
client
adobefips
download
acrobat
machinetype
Beyond good ol’ Run key, Part 144
The Acrobat Reader is a very popular software installed on millions of computers worldwide....
2024-11-16 06:16:47 | Reads: 8 | Hexacorn - www.hexacorn.com
acrobat
acrord32
aafeat
expects
software
The different type of relocation aka Moving between countries in practice 1/n
I originally wrote this bit in 2016 and posted it on my (now no longer existing) personal blog....
2024-11-9 18:36:47 | Reads: 3 | Hexacorn - www.hexacorn.com
registering
living
bills
rent
banks
Beating the dead horse, only to inject it some more…
The windows shatter attack is so old that it’s time for someone to reinvent it. This someone...
2024-11-8 07:50:33 | Reads: 13 | Hexacorn - www.hexacorn.com
wscadminui
hwnd
foobar
Procmonning the Win11_24H2 build
This is a bunch of random notes from running Procmon on Win11_24H2 build. We all know ab...
2024-11-6 06:55:9 | Reads: 2 | Hexacorn - www.hexacorn.com
windows
phantom
syswow64
microsoft
Some notes on Windows 11 Notepad
The new win11 version of Notepad accepts a few command line options that i have not seen documen...
2024-10-27 07:53:59 | Reads: 7 | Hexacorn - www.hexacorn.com
microsoft
windows
software
Going reverse on reversing tools…
One of the oldest and most popular reversing tools is IDA Pro (usually bundled with its multiple...
2024-10-26 06:38:24 | Reads: 8 | Hexacorn - www.hexacorn.com
python
database
idapython
genflags
substantial
Installing latest Ghidra w/o installing it
Today I wanted to upgrade my Ghidra setup so I downloaded its latest version. Now, I really...
2024-10-26 06:18:32 | Reads: 13 | Hexacorn - www.hexacorn.com
ghidra
download
installers
unpack
Beyond good ol’ Run key, Part 143
This entry is a bit convoluted, but it’s still quite interesting. I have discovered it today onl...
2024-10-20 06:17:28 | Reads: 7 | Hexacorn - www.hexacorn.com
advpack
rundll32
windows
advpack.dll and IEAdvpack.dll logging capability
There is a very old hack out there that enables logging for the advpack.dll and IEAdvpack.d...
2024-10-20 05:9:47 | Reads: 10 | Hexacorn - www.hexacorn.com
advpack
registerocx
rundll32
ieadvpack
The Sweet16 – the oldbin lolbin called setup16.exe
I don’t even know how to start. I wrote about old InstallShield setup before, and today’s topic...
2024-10-13 05:17:10 | Reads: 28 | Hexacorn - www.hexacorn.com
lst
windows
setup16
syswow64
test2
Using Guids to guide the ID of samples’ capabilities or unique (attributable) properties…
A few days ago Karsten asked me what tool did I use for GUID extraction. I replied that it was m...
2024-10-3 07:8:5 | Reads: 4 | Hexacorn - www.hexacorn.com
guids
cwindows
csecurity
windows
Rundll32 goes to hell…
Parsing command line invocations is fun, because it’s impossible to do it right (all the ti...
2024-9-22 06:43:6 | Reads: 22 | Hexacorn - www.hexacorn.com
rundll32
invocations
foobar
regexes
666
Dexray v2.34
I have updated the code to fix a few bugs that Роман Д. pointed out. Thank you Роман! Do...
2024-9-21 05:21:42 | Reads: 6 | Hexacorn - www.hexacorn.com
Роман
pointed
download
The delayed import-table phantomDLL opportunities
Many native OS PE files still rely on delayed imports. When APIs imported this way are called fo...
2024-9-15 05:31:5 | Reads: 8 | Hexacorn - www.hexacorn.com
delayed
89ab
imports
Rundll32.exe bomb
This is a silly example of a basic mistake leading to a funny discovery… When I was expe...
2024-9-12 06:8:46 | Reads: 10 | Hexacorn - www.hexacorn.com
rundll32
uxlib
syswow64
wdsutil
phantom
This post is totally Iconic
Over 6 years ago I decided to pursue yet another silly idea: extract all the unique .ico fi...
2024-9-8 06:32:22 | Reads: 12 | Hexacorn - www.hexacorn.com
iconic
667
square
sad
pursue
The art of underDLLoading
In my previous post I created a posh artisan .exe file ornamented with a large number of intrica...
2024-9-7 06:46:24 | Reads: 7 | Hexacorn - www.hexacorn.com
windows
fondue
directplay
dialog
The art of overDLLoading
Some time ago I came up with a silly idea: i’d like to build an executable that statically...
2024-9-6 07:5:25 | Reads: 20 | Hexacorn - www.hexacorn.com
windows
python
fasm
sensical
caveat