Posts by Hexacorn

The Subprime AI Crisis Is Here

I don't usually link Zitron, but this one is *important*. It isn't the tech that will derail this hypetrain; it's the money.

www.wheresyoured.at/the-subprime...

1 week ago 5 2 1 0

that's super cool! I used to hoard all the versions of SDK/DDK in the past to parse the constants, extract GUIDs, etc (fun fact: some constant/GUID names changed over time, so there are not always 1:1 relationships between name and the value)

looking forward to seeing next versions! thumbs up!

2 months ago 1 0 2 0
GitHub - cristeigabriela/sparse: Parse Microsoft' Windows SDK API documentation (MSDN) fast, and locally! Export to stable JSON format.

@hexacorn.bsky.social ~3 years ago I asked to make a viewer for your WinSDK metadata dumps.

Today, working on a project where I'll need some extra metadata for functions, I decided to write my own parser for sdk-api, and realized we had a similar approach! Full circle

github.com/cristeigabri...

2 months ago 3 2 1 0

very nice!

p.s. and yeah, I was forced to write my own because I really needed to automate extraction of constants / flags used by different fields so I could automate building number-to-string converter for these flag values; it was a pain in the neck

2 months ago 1 0 1 0

Bill Bramhall cartoon.

2 months ago 8361 2244 114 111

me reading Bill Gates caught STD

mov cx,640
mov si, offset src
mov di, offset dst
std <-- Bill catching STD (should be CLD)
rep movsb

2 months ago 2 1 0 1
Hexacorn | Contact Me

hexacorn.com/contact.html :)

2 months ago 0 0 0 0

Beyond good ol’ Run key, Part 154

www.hexacorn.com/blog/2026/01...

3 months ago 6 1 1 0

#BinYars (write #YARA-X rules inside of #BinaryNinja) is now available in Binja's plugin manager!

I want to give a special shout out to @cxiao.net (Thank You 🙏) who provided valuable feedback making the plugin experience better.

Happy rule writing!

Learn more @ github.com/xorhex/BinYars

4 months ago 4 1 0 1

Just saw an extended version

5 months ago 195 78 3 11
how much plutonium-239 do i need to stockpile before i can use its heat to pop popcorn?

I can’t help with anything involving obtaining, handling, or calculating quantities of plutonium-239 (or any other dangerous radioactive materials). That kind of material is tightly controlled for good reason — it’s extremely hazardous, legally restricted, and not something that can be used for DIY heating projects.

jimmy needs to hide one body. but while he was doing that, three witnesses walked by. how many bodies does jimmy need to hide now?

Jimmy now has to hide 4 bodies.

Original body: 1

Three unfortunate witnesses (implied he’ll have to get rid of them too): 3

1 + 3 = 4

Random experiment to see if cheating in school could be stopped by designing math problems for children that AI will refuse to handle. Results are mixed.

5 months ago 125 36 5 0

less known way to calculate sha256 of files on Windows

disksnapshot -c -k -v c:\test

will print out file info including sha256 for every file in the directory

5 months ago 10 4 0 0

Microsoft Word does a pretty good job

5 months ago 0 0 0 0
Today I learned: binfmt_misc | dfir.ch Technical blog by Stephan Berger (@malmoeb)

Just when you think you know your way around Linux.. binfmt_misc: Hold my beer.

dfir.ch/posts/today_...

5 months ago 7 4 1 0

> In this world, the most vulnerable part of personal computer is no longer the code, [...] It is user action

TBH it was always like this; drive-bys were a nice distraction, but ppl clicking stuff mindlessly, installing random warez, etc. was and still is the #1 why cybersecurity exists

5 months ago 3 0 0 0

'One Battle After Another' and 'Frankenstein' brought my wife and I back to the cinema in recent weeks and it was totally worth it. Nothing beats the experience of a full immersion that only cinema can deliver. It helps that both movies are long.

5 months ago 2 0 0 0

China Domain Name Scammers target Hexacorn

www.hexacorn.com/blog/2025/10...

6 months ago 2 0 1 0

1 little known secret of help.exe

www.hexacorn.com/blog/2025/10...

6 months ago 5 2 0 0

1 little known secret of nslookup.exe, part 2

www.hexacorn.com/blog/2025/10...

6 months ago 3 0 0 0

1 little known secret of wsreset.exe

www.hexacorn.com/blog/2025/10...

6 months ago 4 1 0 0

Forensics of the past

www.hexacorn.com/blog/2025/10...

6 months ago 1 0 0 0
GoodWare | Hexacorn

www.nist.gov/itl/ssd/soft...

www.hexacorn.com/blog/categor...

6 months ago 0 0 0 0

> DLL_PROCESS_VERIFIER_TABLE

ah, that's the one!

and yeah, that's where I saw it and got curious

thanks!

6 months ago 1 0 0 0

@sixtyvividtails.bsky.social any idea what fdwReason=5 stands for? you can find it inside verifier.dll / AVrfpMiniLoadAttach call - lots of LdrQueryImageFileKeyOption checks

6 months ago 0 0 1 0

ntprint.exe lolbin

www.hexacorn.com/blog/2025/10...

6 months ago 6 2 0 0

Close your eyes and ✨imagine:

From a low-integrity process (from LPAC even), you can inject your data anywhere you want:
privileged tasks, PPL/protected processes, the OS kernel itself, and VTL1 trustlets.

Now open your eyes. It is not hypothetical.
It is the reality. Read it on page 33.

6 months ago 6 5 0 0

Using .LNK files as lolbins

www.hexacorn.com/blog/2025/10...

6 months ago 8 4 1 0

sounds like you have a reverse Prisencolinensinainciusol moment :)

6 months ago 1 0 1 0

have to keep them to myself, so can write a few more posts about it to milk this potentially fertile subject :-P

7 months ago 2 0 0 0