Adam (@Hexacorn) Twitter Tweets • TwiCopy

Adam

@Hexacorn

+ Follow

Red Brain, Blue Fingers

[email protected]
https://t.co/Bm0C9KQDDY

RIP Twitter

ID:456312508

linkhttp://www.hexacorn.com/blog/ calendar_today06-01-2012 03:26:37

6,3K Tweets

24,4K Followers

1,2K Following

Follow People

Florian Roth

Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇

+ Follow

Justin Elze

Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars

+ Follow

✞ inversecos🩸

hacker & founder @xintraorg ⚔️

+ Follow

Florian Hansemann

Father, Founder @HanseSecure, Pentesting, Student, ExploitDev, Redteaming, InfoSec & CyberCyber; -- Mastodon: https://t.co/KFSKYUN98M

+ Follow

Grzegorz Tworek

My own research, unless stated otherwise. Not necessarily 'safe when taken as directed'. GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-

+ Follow

Antonio Cocomazzi

3 days ago

I noticed an interesting change starting from Windows 11 22H2 in the behavior of NtSystemDebugControl when taking a live kernel dump (SysDbgGetLiveKernelDump) including user-mode pages (flag IncludeUserSpaceMemoryPages).

Until Windows 11 21H2 code in nt!DbgkCaptureLiveKernelDump…

I noticed an interesting change starting from Windows 11 22H2 in the behavior of NtSystemDebugControl when taking a live kernel dump (SysDbgGetLiveKernelDump) including user-mode pages (flag IncludeUserSpaceMemoryPages). Until Windows 11 21H2 code in nt!DbgkCaptureLiveKernelDump…

thumb_up_off_alt116

chat_bubble_outline0

account_circle

Adam

1 day ago

The art of artifact collection and hoarding for the sake of forensic exclusivity...

hexacorn.com/blog/2024/05/0…

#DFIR

thumb_up_off_alt37

chat_bubble_outline0

account_circle

Will Harris

3 days ago

I published a step by step guide on using Windows event logs to hunt for malware trying to steal sensitive data from browsers e.g. cookies, passwords etc. security.googleblog.com/2024/04/detect… #DFIR Hope it's useful!

I published a step by step guide on using Windows event logs to hunt for malware trying to steal sensitive data from browsers e.g. cookies, passwords etc. security.googleblog.com/2024/04/detect… #DFIR Hope it's useful!

thumb_up_off_alt536

chat_bubble_outline0

account_circle

Adam

2 days ago

AI will conquer the world....

Right....

AI will conquer the world.... Right....

thumb_up_off_alt16

chat_bubble_outline0

account_circle

Brandon Smarch

4 days ago

Upload malicious .curlrc to directory app runs from

Hit page that calls curl

Curl loads .curlrc file in current dir

Pop shell

thumb_up_off_alt20

chat_bubble_outline0

account_circle

Adam

6 days ago

Only now discovered Spy x Family
This is as good as Aggretsuko (+far less serious)

thumb_up_off_alt6

chat_bubble_outline0

account_circle

Adel Ka

1 week ago

TIL about audit-logs.tax by Daniel Stinson.

thumb_up_off_alt11

chat_bubble_outline0

account_circle

Adam

1 week ago

A license (metadata) to kill (for)...

hexacorn.com/blog/2024/04/2…

#DFIR

thumb_up_off_alt6

chat_bubble_outline0

account_circle

Mike Felch (Stay Ready)

2 years ago

Dropping a new initial access technique via RDP that I dubbed 'Rogue RDP'. Use malicious .RDP files to bypass email/servers/security gateways and then run code to binary plant/exfil from your own RDP server, blinding EDR. Bonus: Target runs HyperV? RCE! blackhillsinfosec.com/rogue-rdp-revi…

thumb_up_off_alt749

chat_bubble_outline0

account_circle

Adam

1 week ago

Excelling at Excel, Part 4

hexacorn.com/blog/2024/04/2…

thumb_up_off_alt16

chat_bubble_outline0

account_circle

Drunk Binary

1 week ago

Come join the hunt! Looking for a Senior threat Hunter in the UK
careers.dragos.com/jobs/2059?lang…

thumb_up_off_alt34

chat_bubble_outline0

account_circle

James Forshaw

1 week ago

Released a new version of OleViewDotNet (v1.14) on the PS gallery. A big change is better source code formatting for proxies and typelibs in IDL format rather than the old pseudo C# one. The video below also shows an example of dynamic parsing and display of source in the UI.

thumb_up_off_alt184

chat_bubble_outline0

account_circle

Jason Koebler

1 week ago

smart as always from Cory Doctorow NONCONSENSUAL BLUE TICK on how closed platforms and social media companies screw over everyone, not just their users

pluralistic.net/2024/04/22/kar…

thumb_up_off_alt15

chat_bubble_outline0

account_circle

Adam

2 weeks ago

oh Linkedin, thank you, thank you, I feel so special. can't wait to start pR0Duc1ing 1nfl00ential C0nTenT for you for fr33

oh Linkedin, thank you, thank you, I feel so special. can't wait to start pR0Duc1ing 1nfl00ential C0nTenT for you for fr33

thumb_up_off_alt14

chat_bubble_outline0

account_circle

Florian

2 weeks ago

Did you know that LSASS has the ability to execute arbitrary kernel-mode addresses? I wrote a small proof of concept that allows administrators to execute unsigned code in the kernel if LSA Protection is disabled.

github.com/floesen/KExecDD

thumb_up_off_alt491

chat_bubble_outline0

account_circle

Gynvael Coldwind

2 weeks ago

So j00ru//vx published two posts on Windows Registry; given that there were a lot of fixes in Windows Registry in recent months I expect these to be fun ;)
googleprojectzero.blogspot.com/2024/04/the-wi…
googleprojectzero.blogspot.com/2024/04/the-wi…

thumb_up_off_alt299

chat_bubble_outline0

account_circle