
LOLBins is short for Living Off the Land Binaries. These are binaries of a non-malicious nature, local to the operating system, that cyber criminals and crime groups have utilised and exploited to camouflage their malicious activity.
Initially, LOLBins were commonly used on a post-exploitation basis, to gain persistence or escalate privileges. However, local system binaries and the preinstalled tools on a machine are now being used to bypass detection and aid in malware delivery.
This means that malicious actors can use these LOLBins to achieve their goals without relying on specific code or files.
LOLBins are often Microsoft-signed binaries, such as Certutil and Windows Management Instrumentation Command-line (WMIC).
They can be used for a range of attacks, from executing code, to performing file operations (downloading, uploading, copying, etc.), to stealing passwords.
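Because these binaries are signed and legitimate, detection has to look at how they are invoked rather than at the file itself. The following is an added example, not part of the original post: a small triage pass over process-creation events for the two binaries named above. The event fields, the parent list and the sample events are assumptions constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any host OS

# The two binaries the text names; extend from your own software inventory.
WATCHED = {"certutil.exe", "wmic.exe"}
# Assumption: parents that rarely have a legitimate reason to start admin tools.
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "wscript.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Constructed process-creation events (not taken from a real host).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\certutil.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"certutil.exe -hashfile C:\Temp\setup.msi SHA256"},
    {"image": r"C:\Windows\System32\certutil.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"certutil.exe <options> https://files.example.test/a.bin C:\Temp\a.bin"},
    {"image": r"C:\Windows\System32\wbem\WMIC.exe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "wmic.exe os get caption"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "notepad.exe https://example.test/readme"},
]

def triage(event):
    """Return the reasons an event deserves analyst review (empty list = none)."""
    if basename(event["image"]).lower() not in WATCHED:
        return []
    reasons = []
    if URL_RE.search(event["cmdline"]):
        reasons.append("url-in-cmdline")      # system tool handed a remote location
    if basename(event["parent"]).lower() in UNUSUAL_PARENTS:
        reasons.append("unusual-parent")      # document or script host spawned it
    return reasons

def flagged(events):
    """Return (binary, reasons) for every event that triage() marks."""
    results = []
    for event in events:
        reasons = triage(event)
        if reasons:
            results.append((basename(event["image"]).lower(), reasons))
    return results

if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_EVENTS):
        print(name, reasons)
```

Routine administrative use, such as the hashing call in the first sample event, passes through untouched, which keeps the alert volume manageable.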
More information about the Living Off The Land Binaries, Scripts and Libraries project on GitHub is available in the links below.