~Talos~
Talos details how attackers abuse legitimate tools for data theft, releasing a framework for behavioral detection.
-
IOCs: (None identified)
-
#LOLBAS #Ransomware #ThreatIntel
Interactive PowerShell TUI NEBULA catalogs WMI/COM/LOLBAS execution and persistence tests and logs detailed results; includes example payloads like regsvr32_squiblydoo.sct and mshta_calc.hta. #LOLBAS #PowerShell #tool https://bit.ly/4sIJZ3b
LOLBASline - PowerShell tool that clones the LOLBAS repo or uses local YAMLs to check presence and attempt representative executions of LOLBAS items; outputs a CSV baseline for Windows assessments. #tool #LOLBAS #PowerShell https://bit.ly/4nIrZ5L
High impact: centralised mapping of RMM, exfiltration, credential-theft and LOLBAS used by ransomware groups. Technical findings: tool lists enable process-based detections and hunt queries for exfil patterns. #ransomware #LOLBAS #tool https://bit.ly/47NdM2J
Have you heard of the rarely observed #LOLBAS technique abusing cdb.exe? A new backdoor called Squidoor utilizes this technique, and is in the toolkit of a suspected Chinese threat actor targeting multiple countries and sectors. bit.ly/3Fauuwk
#LOLBAS project update:
Entries now have placeholders for paths, URLs, and more. This makes it easier to visually see what parts are "variable", and for LOLBAS API users (lolbas-project.github.io/api/) it'll be easier to use with automation.
Check it out:
lolbas-project.github.io
LolBins + minimal tweaks = bypassed EDRs
Join Wietze Beukema at #NullconGoa2025 to learn how LOLBins can bypass EDR detections and introduce a tool that creates your own obfuscated command lines for security testing or research
nullcon.net/goa-2025/spe...
#EDR #LOLBins #LOLBAS