Incident Response

Every once in a while I describe a persistence mechanism that is just plain silly. This is one of these cases. The user interface of Windows applications has not changed […] Source: Hexacorn Ltd @ January 18, 2017 at 06:06PM

The flexibility offered by the Registry comes with a price. Whoever is in a position to change the Registry keys or its values can affect not only the way OS […] Source: Hexacorn Ltd @ January 17, 2017 at 06:32PM

The need to test modules and the will to support legacy stuff have one thing in common – at least on Windows. These functions are heavily integrated with the system […] Source: Hexacorn Ltd @ January 16, 2017 at 12:57PM

Most of the persistence methods described in this blog series so far focused on the old-school assumption that the system is a typical ‘bare metal’ Windows host. Over last couple […] Source: Hexacorn Ltd @ January 13, 2017 at 06:46PM

I’ve tried a couple of different sah’tea recipes, and so far, the second one turned out the best. I thought I’d make another sah’tea, because it’s been a while, and because these are actually quite good. Brew Day: 7 Jan 2017. Partial Mash: 15 oz Munich malt, 5 oz rye malt, 1.5 oz…

When you google for “PSScripts.ini” you will find only around 200 results or so. This is a bit surprising, given the fact Microsoft documents this PowerShell-based persistence mechanism on their […] Source: Hexacorn Ltd @ January 6, 2017 at 06:16PM

CVE-2016-7200 & CVE-2016-7201 are vulnerabilities in the Chakra JavaScript scripting engine in Microsoft Edge. Reported by Natalie Silvanovich of Google Project Zero, those have been fixed in November 2016 (MS16-129) by Microsoft. On 2017-01-04 @theori_io released a POC: “Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201) — https://t.co/DnwQt5giMB” — Theori (@theori_io)…

In the Fall I was staring out my back window seeing my yard covered in orange leaves. This sight is one I see each year and I have always viewed as my yearly chore. The chore of cleaning up the leaves that have fallen from the trees. At times I…
