https://hexpysya.github.io/tags/upx/Recent content in UPX on bubka hacks stuffHugo -- gohugo.ioen-usTue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-lockdown/Tue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-lockdown/An attacker performed SYN port scanning against an IIS server, enumerated open SMB shares, uploaded a webshell to the Documents share, triggered a reverse shell on port 4443, and established persistence via AgentTesla dropped into the Startup folder, which exfiltrated data via SMTP to cp8nl.hyperhost.ua.