x64dbg LaunchProgram find password3

Retrieve password from exe(3)

This article is part three of the “Extract/Dump/Retrieve password from exe” series. Previously, we discussed unpacking/decompiling an executable back to a script in part one and dumping connection string credentials in part two. In this article, we will explore how we can retrieve passwords from an exe using other techniques and tools such as Process Monitor from…

VS2019 VC# MSSQL x64 strings

Dump password from exe(2)

This article is part two of the “Extract/Dump password from exe” series. In part one, we focused on unpacking executables generated by script converters such as PyInstaller, Py2exe and AutoIt. In this article, we will focus on executables compiled by Visual Studio and Delphi. Basically, we will try to understand what information is…

Splunk Threat Activity Detected

Splunk local threat intel

Why yet another Splunk local threat intel article? Obviously, there are many excellent articles: Unlike other articles, we mainly focus on common operational issues of Splunk local threat intel usage including: Before we start to discuss those operational issues, let’s explore the workflow of the threat intelligence framework. Basically, it consists of 4 phases: Threat…