https://hexpysya.github.io/tags/shellcode-analysis/Recent content in Shellcode Analysis on bubka hacks stuffHugo -- gohugo.ioen-usFri, 20 Feb 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-obfsc4t10n/Fri, 20 Feb 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-obfsc4t10n/A phishing HTML file masquerading as an invoice delivers a macro-enabled Excel workbook that drops and executes a multi-stage obfuscated HTA payload, ultimately injecting a reverse shell shellcode into rundll32.exe and establishing a C2 connection.https://hexpysya.github.io/investigations/poschc2-sharp_v4_x64.dll/Tue, 25 Nov 2025 00:00:00 +0000https://hexpysya.github.io/investigations/poschc2-sharp_v4_x64.dll/A .NET DLL decodes architecture-specific shellcode from an embedded base64 string, allocates executable memory, and spawns a thread to execute it. The shellcode performs NTDLL unhooking, AMSI and ETW patching before executing an embedded PE payload identified as a PoshC2 dropper.