
Posts by Golgothus (Zach)

Shell32.dll, #44 lolbin

www.hexacorn.com/blog/2025/05...

11 months ago 5 3 1 0

LOL

This makes me think of when I tried installing FLARE on Windows 11. You can still disable Defender in GPO, but the installer doesn't see it, there's also web protection that breaks installs 🥲

1 year ago 1 0 0 0

Pretty stoked, finished one of the #DEATHCon2024 threat hunting challenges from a workshop to win swag.

It was a good opportunity to flex:
- initial access / exploitation
- execution
- persistence mechanisms
- exfiltration

While tinkering with SPL for results I needed.

1 year ago 5 1 0 0
BRC4 Malware Analysis and Deobfuscation (Stream - 9/11/2024) YouTube video by Invoke RE

youtu.be/-X1n3BEfzv8?...

1 year ago 49 12 0 0
Windows Defender stopping / killing a powershell script to emulate APT29


Me trying to have a good time running malware.

Windows Defender:
"How about, no."

1 year ago 4 0 2 0
Join DART What to know about becoming an infrastructure specialist on DART.

Have you ever considered being part of our team? Check out our article written by my colleague Tim about what our team does and what it's like to be part of the Microsoft incident response team. techcommunity.microsoft.com/blog/microso...

1 year ago 12 4 0 0

I've liked things so far

Reminds me of what Twitter used to be when it was actually good, but with some additional pieces

1 year ago 1 0 1 0
ALT: michael jordan is wearing a suit and tie and says "stop it".

I've really enjoyed tinkering with my Proxmox server. What's even better is now that I have a public facing web server proxied through Cloudflare I keep getting notifications of attacks on my network 🥲

1 year ago 2 0 0 0
Kasm Install | Golgothus' Lab

Wrote a brief post about Kasm web, really awesome tool to use for creating persistent as well as ephemeral containers

docs.golgothus.tech/other-resear...

Planning to try and use these for DEATHCON, thankfully I made sure to snapshot my VM before the install in case it broke 😅

1 year ago 2 0 0 0