LOLSpoof - An Interactive Shell To Spoof Some LOLBins Command Line
KitPloit - PenTest Tools! www.kitploit.com
LOLSpoof is an interactive shell program that automatically spoofs the command line arguments of the spawned process. Just call your incriminating-looking LOLBin command line (e.g. powershell -w hidden -enc ZwBlAHQALQBwAHIAbwBjAGUA....) and LOLSpoof will ensure that the process creation telemetry appears legitimate and clear.
Why
The process command line is a heavily monitored piece of telemetry, thoroughly inspected by AV/EDRs, SOC analysts or threat hunters.
How
- Prepares the spoofed command line out of the real one: lolbin.exe " " * sizeof(real arguments) …
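For defenders, the padding step above leaves its own artifact when the padded string is what gets logged: an image name followed by nothing but whitespace. The following detection sketch is an added example, not part of LOLSpoof or the original post; the event field names follow Sysmon Event ID 1, and the sample events and the `MIN_PADDING` threshold are constructed assumptions.

```python
import re

# Assumed threshold: shorter whitespace runs are treated as ordinary trailing noise.
MIN_PADDING = 8

# Splits a Windows command line into the image token (quoted or bare) and the rest.
_IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))(.*)$', re.DOTALL)


def padding_length(command_line):
    """Return the length of an all-whitespace argument string, else 0."""
    m = _IMAGE_RE.match(command_line)
    if not m:
        return 0
    rest = m.group(3)
    # Flag only when something follows the image and all of it is whitespace.
    if rest and not rest.strip():
        return len(rest)
    return 0


def find_padded_command_lines(events, min_padding=MIN_PADDING):
    """Return (pid, image, padding length) for events whose arguments are pure padding."""
    hits = []
    for ev in events:
        n = padding_length(ev["CommandLine"])
        if n >= min_padding:
            hits.append((ev["ProcessId"], ev["Image"], n))
    return hits


# Constructed process-creation events, for illustration only.
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe" + " " * 42},
    {"ProcessId": 4188, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c dir C:\Users"},
    {"ProcessId": 4230, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": '"C:\\Windows\\System32\\notepad.exe" '},
    {"ProcessId": 4301, "Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": '"C:\\Windows\\System32\\certutil.exe"' + " " * 60},
]

if __name__ == "__main__":
    for pid, image, n in find_padded_command_lines(SAMPLE_EVENTS):
        print(f"pid={pid} image={image} whitespace-only arguments ({n} chars)")
```

Because the padding length tracks the size of the real arguments, the reported length also gives a rough indication of how long the hidden command line was.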