Open sr093906 opened 1 week ago
Based on https://lolbas-project.github.io/, it seems that some LOL Bins can be added to Firewall policy. For example,
- https://lolbas-project.github.io/lolbas/Binaries/Cmdl32/
- https://lolbas-project.github.io/lolbas/Binaries/ConfigSecurityPolicy/
- https://lolbas-project.github.io/lolbas/Binaries/DataSvcUtil/
- https://lolbas-project.github.io/lolbas/Binaries/Diantz/
- https://lolbas-project.github.io/lolbas/Binaries/Ieexec/
- https://lolbas-project.github.io/lolbas/Binaries/IMEWDBLD/
- https://lolbas-project.github.io/lolbas/Binaries/Ldifde/
- https://lolbas-project.github.io/lolbas/Binaries/PrintBrm/
- https://lolbas-project.github.io/lolbas/OtherMSBinaries/MsoHtmEd/
- https://lolbas-project.github.io/lolbas/OtherMSBinaries/ProtocolHandler/
- https://lolbas-project.github.io/lolbas/OtherMSBinaries/Squirrel/
- https://lolbas-project.github.io/lolbas/OtherMSBinaries/Update/
- https://lolbas-project.github.io/lolbas/OtherMSBinaries/devtunnels/
- https://lolbas-project.github.io/lolbas/OtherMSBinaries/xsd/
- ...
Hi,
Thanks. I will keep an eye on those LOLBins. For now, they are not used in attacks on non-enterprise users.