Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Detecting LOLBAS Vulnerabilities

August 9, 2023
Reading Time: 2 mins read
in Alerts
Detecting LOLBAS Vulnerabilities

Cybersecurity researchers have recently unveiled a significant discovery involving 11 living-off-the-land binaries-and-scripts (LOLBAS) with the potential for malicious exploitation by threat actors for post-exploitation activities.

LOLBAS, an attack method that harnesses system binaries and scripts for nefarious purposes, poses a unique challenge to security teams as it disguises malicious actions within trusted system utilities, making it difficult to distinguish between legitimate and harmful activities. The Israeli cybersecurity firm Pentera has identified nine LOLBAS downloaders and three executors that adversaries can utilize to download and execute more sophisticated malware on compromised hosts.

These findings highlight specific executables, such as MsoHtmEd.exe, Mspub.exe, ProtocolHandler.exe, ConfigSecurityPolicy.exe, InstallUtil.exe, Mshta.exe, Presentationhost.exe, Outlook.exe, MSAccess.exe, scp.exe, and sftp.exe, that could be exploited by attackers as part of their strategy.

Pentera emphasizes the threat posed by LOLBAS executors, which allow cybercriminals to execute their malicious tools within a seemingly legitimate process tree, enhancing their ability to evade detection. However, Pentera also notes that attackers may leverage executables beyond those related to Microsoft to achieve similar malicious goals, illustrating the versatility of the LOLBAS approach.

In a related context, the research coincides with the disclosure of a novel attack vector by Vectra, involving the use of Microsoft Entra ID cross-tenant synchronization (CTS) to facilitate lateral movement within a compromised cloud environment.

This disclosure further underscores the evolving landscape of cyber threats and the need for robust security measures. As LOLBAS attacks exploit pre-existing system components, these findings serve as a reminder of the importance of proactive monitoring and enhanced detection mechanisms to counteract potential threats posed by trusted utilities that can be repurposed by threat actors.

Reference:
  • The LOL Isn’t So Funny When It Bites You in the BAS
Tags: August 2023Cyber AlertCyber Alerts 2023CyberattackCybersecurityExploitLOLBaSThreat ActorsVulnerabilities
ADVERTISEMENT

Related Posts

Smishing targets routers in Belgium 2025

Smishing targets routers in Belgium 2025

October 2, 2025
Smishing targets routers in Belgium 2025

Outlook Bug Causes Repeated Crashes

October 2, 2025
Smishing targets routers in Belgium 2025

MatrixPDF Toolkit Turns PDFs Into Lures

October 2, 2025
Microsoft Sentinel Unveils AI SIEM

Apple Pushes iPhone and Mac Updates

October 1, 2025
Microsoft Sentinel Unveils AI SIEM

Tesla Fixes TCU Bug With USB Risk

October 1, 2025
Microsoft Sentinel Unveils AI SIEM

EvilAI Malware Posing As AI Tools

October 1, 2025

Latest Alerts

Outlook Bug Causes Repeated Crashes

Smishing targets routers in Belgium 2025

MatrixPDF Toolkit Turns PDFs Into Lures

Tesla Fixes TCU Bug With USB Risk

Apple Pushes iPhone and Mac Updates

EvilAI Malware Posing As AI Tools

Subscribe to our newsletter

    Latest Incidents

    Allianz Life July Breach Hits 1.5M

    Dealership Software Breach Hits 766k

    Suffolk Website Down After Cyber-Attack

    WestJet Confirms Data Breach

    Ransomware Gang Recruits Reporter

    US Surveillance Hack Exposes Data

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial