Hashtag
#LOLBins

WinGet can be more than a package manager. We show how .winget configs + a self-referencing LNK become a viable initial access payload when Microsoft Store is enabled. Includes detection queries & mitigation tips.
blog.compass-security.com/2026/03/wing...
#RedTeam #Windows #LOLBins #InitialAccess

Proactive Threat Hunting with Elastic Security

~Elastic~
Article details a hypothesis-driven approach to threat hunting for LOLBins using Elastic Security's AI Assistant and analytics.
-
IOCs: (None identified)
-
#LOLBins #ThreatHunting #ThreatIntel

ClickFix may be the biggest security threat your family has never heard of
Relatively new technique can bypass many endpoint protections.

I just learned about #LOLbins. It’s actually an old technique (Living Off the Land) which implies no “physical” files on the FS.

arstechnica.com/security/202...

This goes beyond simple shell exploitation:
github.com/sheimo/aweso...

#security


Cybercriminals are exploiting QR codes, ClickFix tactics, and LOLBins to bypass traditional security measures. Stay vigilant and enhance your defenses. #CyberSecurity #Phishing #LOLBins Link: thedailytechfeed.com/emerging-cyb...

New Malware & Phishing Tactics

~Anyrun~
Threat actors use social engineering (ClickFix), QR code phishing, and LOLBins to deliver stealers and RATs, bypassing automated defenses.
-
IOCs: (None identified)
-
#LOLBins #Malware #Phishing #ThreatIntel


LNK files sent via Discord drop Moq.zip; odbcconf.exe loads a malicious DLL RAT that bypasses AMSI and patches EtwEventWrite to disable ETW. Detection should focus on odbcconf.exe/process tree anomalies and extracted PDF decoys. #LNK #RAT #LOLBins https://bit.ly/46mvWXQ

Crypto24 Ransomware Uses LOLBins & Custom Malware

~Trendmicro~
Crypto24 ransomware blends legitimate tools with custom malware to bypass EDR and exfiltrate data before encryption.
-
IOCs: WinMainSvc.dll, MSRuntime.dll, AVB.exe
-
#Crypto24 #LOLBins #Ransomware #ThreatIntel

What Are LOLBins? | SOC Prime
Gain insights into LOLBins, their exploitation by threat actors, and detect attacks with relevant Sigma rules from SOC Prime Platform.

What are #LOLbins? Learn how attackers exploit these binaries, explore Sigma rules for detection, and check out relevant mitigations.

LOLBAS

LOLBins/Drivers Key resources:
→ LOLBAS: [lolbas-project.github.io](lolbas-project.github.io)
→ LOLDrivers: [loldrivers.io](www.loldrivers.io)
Detect abused tools & malicious drivers.
#LOLBins #LOLDrivers


LolBins + minimal tweaks = bypassed EDRs

Join Wietze Beukema at #NullconGoa2025 to learn how LOLBins can bypass EDR detections and introduce a tool that creates your own obfuscated command lines for security testing or research

👉 nullcon.net/goa-2025/spe...

#EDR #LOLBins #LOLBAS

LOLBAS

Day 15 of Cabby42’s InfoSec Advent Calendar is here!

Today’s pick: LOLBins and GTFOBins—legitimate tools used for malicious purposes. Learn more to stay ahead.

Resources:

LOLBins: https://buff.ly/2zE27oC
GTFOBins: https://buff.ly/2MUZXqu
#InfoSecAdvent #Cybersecurity #Cabby42 #LOLBins

Hackers are abusing Microsoft tools more than ever before
Abuse of LOLbins in cyberattacks is skyrocketing, Sophos says

Hackers are increasingly abusing Microsoft tools, with a staggering 51% rise in LOLbins used in attacks this year! 🚨💻 Key players include RDP, PowerShell, and cmd.exe. Sophos emphasizes multi approach 🔒✨ Read more: www.techradar.com/pro/security... #CyberSecurity #Microsoft #LOLbins #TechNews


Cisco Talos Q3 Trends: LoLBins, Infostealers, Business Email Compromise (BEC), AitM (Adversary in the Middle), Insiders.
|
blog.talosintelligence.com/incident-res...
|
#InfoSec #CyberSecurity #LoLBins #InfoStealers #BEC #AitM #Insiders
