Hexastrike Blog

Combining the Raptors – Incident Response using Velociraptor and CrowdStrike Falcon

Although CrowdStrike is a powerful EDR, incidents still happen, even when using thorough prevention policies. In this post, we will use CrowdStrike Falcon in combination with Velociraptor to streamline our incident response processes. If you want to learn more about Velociraptor, check out their docs or one of our previous blog posts, in which we describe how to set up Velociraptor in Azure.

Key Learnings in this Post

In this blog post, we will showcase:

Requirements

You'll need access to


Lumma Stealer Distribution via Fake CAPTCHAs

Last September, I received an email about a supposed security issue in one of my GitHub repositories. The sender claimed they had discovered vulnerabilities in my code and directed me to an external site, github-scanner[.]com, for more information. Once there, I was presented with a CAPTCHA that purportedly confirmed my identity as a human. At the time, I documented my research internally and blurred out some Indicators of Compromise, so for this blog post, I relied on archived records of


VLC Stack-Based Buffer Overflow – Exploiting CVE-2008-4654 with a WOW64 Egghunter

Recently, I was reading A Bug Hunter's Diary by Tobias Klein, an incredibly well-written book on various exploitation techniques and, more importantly, bug-hunting methodologies, particularly in binaries. Even though the book itself is more than 15 years old, it remains a valuable resource. For beginners, I highly recommend reading through it in detail and trying to understand each concept thoroughly. You can't skip these great older resources to learn the basics of binary exploit development, debugging, and reverse engineering. I started


Our primary goal is to deliver reliable and secure IT solutions to our clients and contribute resources to creating a more secure world. Copyright © 2021 – 2025 Hexastrike Cybersecurity UG (haftungsbeschraenkt)