https://hexpysya.github.io/tags/pecmd/Recent content in PECmd on bubka hacks stuffHugo -- gohugo.ioen-usMon, 16 Feb 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-workfromhome/Mon, 16 Feb 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-workfromhome/A victim clicked a phishing link impersonating a corporate login page, leading to credential theft. The attacker used stolen credentials to gain RDP access, then escalated privileges via SeManageVolumeExploit, deployed malicious DLLs using certutil, and established persistence through a hidden VBS script in the Startup folder.https://hexpysya.github.io/investigations/htb-easymoney/Thu, 05 Feb 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-easymoney/Administrator executed a malicious shortcut that triggered a hidden PowerShell command, downloading and executing payload and gaining a shell access. The attacker enumerated installed software, identified a vulnerable Yandex Browser (CVE-2024-6473), and exploited DLL hijacking by planting a malicious library that acts as a dropper. This dropper deployed a Sliver C2 implant establishing persistence via a scheduled task and maintaining communication