https://hexpysya.github.io/tags/lolbins/Recent content in LOLbins on bubka hacks stuffHugo -- gohugo.ioen-usTue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-lumma-stealer---dll-side-loading-via-click-fix-phishing/Tue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-lumma-stealer---dll-side-loading-via-click-fix-phishing/A Click Fix phishing email impersonating Microsoft lured Dylan into visiting a malicious site, which executed a disguised PowerShell command launching mshta.exe to download Lumma Stealer payload from overcoatpassably.shop. The host was contained before confirmed data exfiltration.https://hexpysya.github.io/blue_team/elk-black-basta/Thu, 09 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/elk-black-basta/A finance employee opened a malicious Excel macro from a drive-by download, which executed a VBS dropper, loaded WindowsUpdaterFX.dll via regsvr32, established persistence, dropped Pancake.jpg.exe as a C2 backdoor, performed internal reconnaissance, laterally moved to a domain controller via PsExec using compromised credentials, exfiltrated client data to MEGA via rclone, deleted shadow copies, and deployed BlackBasta ransomware.https://hexpysya.github.io/blue_team/elk-revil/Tue, 07 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/elk-revil/An administrator executed facebook assistant.exe on a Windows Server 2019 host, which dropped REvil ransomware (Sodinokibi), spawned a PowerShell process that deleted Volume Shadow Copies, and dropped ransom notes across multiple user profile directories.https://hexpysya.github.io/blue_team/thm-phishing-unfolding/Mon, 16 Mar 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/thm-phishing-unfolding/