all InfoSec news
Persistence and LOLBins
Dec. 31, 2022, 11:50 p.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
Grzegorz/@0gtweet tweeted something recently that I thought was fascinating, suggesting that a Registry modification might be considered an LOLBin. What he shared was pretty interesting, so I tried it out.
First, the Registry modification:
reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\Utilities\query" /v LOLBin /t REG_MULTI_SZ /d 0\01\0LOLBin\0calc.exe
Then the command to launch calc.exe:
query LOLBin
Now, I've tried this on a Windows 10 system and it works great, even though Terminal Services isn't actually running on this system. Running just the "query" command …
More from malware.news / Malware Analysis, News and Indicators - Latest topics
Wireshark 4.2.5 Released, (Sat, May 18th)
1 day, 7 hours ago |
malware.news
Leveling the cybersecurity playing field
1 day, 22 hours ago |
malware.news
Automated pentesting in the cloud
1 day, 22 hours ago |
malware.news
How to revamp your cybersecurity in the middle of the chaos
1 day, 22 hours ago |
malware.news
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
Computer and Forensics Investigator
@ ManTech | 221BQ - Cstmr Site,Springfield,VA
Senior Security Analyst
@ Oracle | United States
Associate Vulnerability Management Specialist
@ Diebold Nixdorf | Hyderabad, Telangana, India