Hexacorn
@hexacorn.bsky.social
Red Brain, Blue Fingers
Malware Analysis, Reverse Engineering, Threat Hunting, Detection Engineering, DFIR, Security Research, Programming, Curiosities, Software Archaeology, Puzzles, Bad dad jokes
https://www.hexacorn.com/blog/
hexacorn@infosec.exchange
Malware Analysis, Reverse Engineering, Threat Hunting, Detection Engineering, DFIR, Security Research, Programming, Curiosities, Software Archaeology, Puzzles, Bad dad jokes
https://www.hexacorn.com/blog/
hexacorn@infosec.exchange
less known way to calculate sha256 of files on Windows
disksnapshot -c -k -v c:\test
will print out file info including sha256 for every file in the directory
disksnapshot -c -k -v c:\test
will print out file info including sha256 for every file in the directory
November 14, 2025 at 7:35 PM
less known way to calculate sha256 of files on Windows
disksnapshot -c -k -v c:\test
will print out file info including sha256 for every file in the directory
disksnapshot -c -k -v c:\test
will print out file info including sha256 for every file in the directory
no idea :(
but it does include this:
but it does include this:
August 20, 2025 at 10:52 PM
no idea :(
but it does include this:
but it does include this:
August 20, 2025 at 9:23 PM
clever carding page
hxxps://gov[.]comsitebab[.]life/gov
when you visit from the desktop, it's just a regular website (although compromised)
when you visit from a smartphone, you get a fake gov web site that harvests your CC details
hxxps://gov[.]comsitebab[.]life/gov
when you visit from the desktop, it's just a regular website (although compromised)
when you visit from a smartphone, you get a fake gov web site that harvests your CC details
June 16, 2025 at 2:07 PM
clever carding page
hxxps://gov[.]comsitebab[.]life/gov
when you visit from the desktop, it's just a regular website (although compromised)
when you visit from a smartphone, you get a fake gov web site that harvests your CC details
hxxps://gov[.]comsitebab[.]life/gov
when you visit from the desktop, it's just a regular website (although compromised)
when you visit from a smartphone, you get a fake gov web site that harvests your CC details
Glad Skype data deletion works
May 6, 2025 at 12:03 PM
Glad Skype data deletion works
I broke the window(s)!
February 20, 2025 at 11:35 AM
I broke the window(s)!
a sign like this would lead to questions
what about the weekends?
what about the weekends?
February 3, 2025 at 3:30 PM
a sign like this would lead to questions
what about the weekends?
what about the weekends?
How to deal with Gemini, totally random attempt lulz
January 31, 2025 at 5:45 PM
How to deal with Gemini, totally random attempt lulz
the new, upgrded bundle coming to 3 billion devices
January 26, 2025 at 10:18 AM
the new, upgrded bundle coming to 3 billion devices
come to think of it, it's actually pretty easy; probably can be simplified but I wanted 4 chars as anchors at the front
December 8, 2024 at 3:19 PM
come to think of it, it's actually pretty easy; probably can be simplified but I wanted 4 chars as anchors at the front
November 30, 2024 at 10:41 AM
I had a facebook account for a very short time in 2011 or so; then I deleted the account; only to receive this 13 years later
I guess nothing ever gets deleted
I guess nothing ever gets deleted
November 26, 2024 at 11:15 AM
I had a facebook account for a very short time in 2011 or so; then I deleted the account; only to receive this 13 years later
I guess nothing ever gets deleted
I guess nothing ever gets deleted
November 15, 2024 at 10:17 PM
October 19, 2024 at 10:24 PM
October 19, 2024 at 9:10 PM
October 12, 2024 at 6:54 AM
September 21, 2024 at 10:44 PM
September 11, 2024 at 10:09 PM
September 5, 2024 at 9:10 PM
September 4, 2024 at 9:02 PM
Rundll32 and Phantom DLL lolbins
hexacorn.com/blog/2024/09...
a kinda novelty lolbin-phantom DLL combo
#lolbin
hexacorn.com/blog/2024/09...
a kinda novelty lolbin-phantom DLL combo
#lolbin
September 3, 2024 at 9:42 PM
Rundll32 and Phantom DLL lolbins
hexacorn.com/blog/2024/09...
a kinda novelty lolbin-phantom DLL combo
#lolbin
hexacorn.com/blog/2024/09...
a kinda novelty lolbin-phantom DLL combo
#lolbin
December 31, 2023 at 10:22 AM
1 little known secret of regsvr32.exe, take three
www.hexacorn.com/blog/2023/12...
aka regsvr32.exe bomb
#lolbin #dolbin
www.hexacorn.com/blog/2023/12...
aka regsvr32.exe bomb
#lolbin #dolbin
December 28, 2023 at 11:16 PM
1 little known secret of regsvr32.exe, take three
www.hexacorn.com/blog/2023/12...
aka regsvr32.exe bomb
#lolbin #dolbin
www.hexacorn.com/blog/2023/12...
aka regsvr32.exe bomb
#lolbin #dolbin
December 27, 2023 at 12:10 AM