TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Huntress

What are LOLBins? How to Detect Malicious Threats | Huntress

2025-01-09 · Read original ↗

ATT&CK techniques detected (9 predictions)

T1136.001 Local Account · 94%
“…purposes, security software may not flag their activity as suspicious. This can allow attackers to operate undetected and execute malicious commands, such as: data exfiltration, system reconnaissance, privilege escalation, lateral movement within a network, persistence (m…”

T1136.001 Local Account · 94%
“…that can be used within an organization to create and manage large groups of user accounts across an entire infrastructure. Another means for creating user accounts involves the native utility, net.exe. Many administrators use this LOLBin to create, manage, and remove user accou…”

T1136.001 Local Account · 80%
“…/add switch for creating a new user (not using the switch changes the password of the user account) falls at the end of the command line. However, it doesn’t have to; this is simply a convention that many administrators tend to follow. How to detect it. Huntress analysts hav…”

T1218 System Binary Proxy Execution · 65%
“What are LOLBins? How to Detect Malicious Threats | Huntress. To fly under the radar, cyberattackers need to stay one step ahead. One sneaky way hackers attempt to remain unnoticed? LOLBins, a tempting target for hackers to leverage. LOLBins – otherwise known as “living off the…”

T1078.003 Local Accounts · 60%
“…server) 3. Username and password conventions. Most organizations have standard username and password conventions that are used across the various interfaces. This can include conventions like using first initial and last name in emails or setting up passwords to follow particular…”

T1136.001 Local Account · 51%
“…server) 3. Username and password conventions. Most organizations have standard username and password conventions that are used across the various interfaces. This can include conventions like using first initial and last name in emails or setting up passwords to follow particular…”

T1218 System Binary Proxy Execution · 46%
“…today. FAQ. Which type of malware relies on LOLBins? Fileless malware often relies on LOLBins. By leveraging legitimate system tools, fileless malware can execute malicious code without ever dropping a file to disk, making it difficult to detect and remove. What is the most used L…”

T1218.011 Rundll32 · 41%
“…today. FAQ. Which type of malware relies on LOLBins? Fileless malware often relies on LOLBins. By leveraging legitimate system tools, fileless malware can execute malicious code without ever dropping a file to disk, making it difficult to detect and remove. What is the most used L…”

T1218.011 Rundll32 · 30%
“What are LOLBins? How to Detect Malicious Threats | Huntress. To fly under the radar, cyberattackers need to stay one step ahead. One sneaky way hackers attempt to remain unnoticed? LOLBins, a tempting target for hackers to leverage. LOLBins – otherwise known as “living off the…”
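The T1136.001 snippets above make one detection point: `net user <name> <password> /add` creates a local account, the same command without `/add` only changes a password, and `/add` is conventionally last on the command line but does not have to be. The following is an added worked example, not code from the Huntress article or from Huntress. It tokenises process-creation command lines and looks for `/add` anywhere in the `net user` arguments rather than matching a fixed suffix. It goes slightly beyond the page by also matching `net1.exe` (the binary `net.exe` hands most subcommands to) and by tagging `/domain` creations as T1136.002 instead of T1136.001. All sample command lines are constructed for this example.

```python
"""
Detect local-account creation via net.exe / net1.exe from process command lines.

Added example (not from the Huntress article). The /add switch is tokenised and
searched for anywhere in the argument list, because its trailing position is
only a convention. All sample events below are constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed process-creation events: one command line per event.
SAMPLE_EVENTS = [
    r'C:\Windows\System32\net.exe user backup_svc P@ssw0rd! /add',
    r'C:\Windows\System32\net.exe user /ADD helpdesk Summer2025',            # /add before the name
    r'C:\Windows\System32\net1.exe user svc_admin Hunter2 /add /y',          # net1.exe alias, extra switch
    r'C:\Windows\System32\net.exe user jdoe NewP@ss1',                       # password change, not creation
    r'C:\Windows\System32\net.exe localgroup administrators backup_svc /add',  # group membership, not creation
    r'C:\Windows\System32\net.exe user /domain evil Pa55 /add',              # domain account (T1136.002)
    r'C:\Windows\System32\cmd.exe /c "net user guest_tmp Tmp123 /add"',      # wrapped in cmd.exe
]

# net.exe and net1.exe, with or without extension, with or without a path.
NET_BINARIES = {"net", "net.exe", "net1", "net1.exe"}

_TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line into tokens. A quoted token that itself
    contains whitespace (e.g. the argument to cmd.exe /c) is unwrapped and
    re-tokenised so the inner net command is visible to the detection."""
    out: list[str] = []
    for tok in _TOKEN_RE.findall(cmdline):
        if len(tok) >= 2 and tok[0] == '"' and tok[-1] == '"':
            inner = tok[1:-1]
            if any(ch.isspace() for ch in inner):
                out.extend(tokenize(inner))
                continue
            tok = inner
        out.append(tok)
    return out


def _basename(tok: str) -> str:
    """Lower-cased file name of a path-like token (handles / and \\)."""
    return tok.replace("/", "\\").rsplit("\\", 1)[-1].lower()


@dataclass
class Detection:
    technique: str   # ATT&CK technique ID
    username: str    # account name passed to `net user`
    binary: str      # net / net.exe / net1 / net1.exe as seen in the command line
    reason: str


def detect_account_creation(cmdline: str) -> Optional[Detection]:
    """Return a Detection if the command line creates an account with
    `net user ... /add`, else None."""
    tokens = tokenize(cmdline)
    for i, tok in enumerate(tokens):
        binary = _basename(tok)
        if binary not in NET_BINARIES:
            continue
        args = tokens[i + 1:]
        if not args or args[0].lower() != "user":
            return None  # e.g. `net localgroup ... /add` is not account creation
        switches = {a.lower() for a in args[1:] if a.startswith("/")}
        positionals = [a for a in args[1:] if not a.startswith("/")]
        if "/add" not in switches:
            return None  # `net user <name> <pwd>` without /add only resets a password
        username = positionals[0] if positionals else "<unknown>"
        if "/domain" in switches:
            return Detection("T1136.002", username, binary,
                             "net user ... /add /domain creates a domain account")
        return Detection("T1136.001", username, binary,
                         "net user ... /add creates a local account")
    return None


def scan(events: list[str]) -> list[Detection]:
    """Run the detection over a batch of command lines, dropping non-matches."""
    return [d for d in (detect_account_creation(e) for e in events) if d is not None]


if __name__ == "__main__":
    for d in scan(SAMPLE_EVENTS):
        print(f"{d.technique} {d.binary:<8} user={d.username!r}: {d.reason}")
```

Running the block flags five of the seven constructed events: the three plain `/add` variants regardless of switch position or `net`/`net1` spelling, the `/domain` case (tagged T1136.002), and the command hidden behind `cmd.exe /c`. The password reset and the `net localgroup` addition are left alone; in a real deployment the latter would be worth its own rule for local-group changes rather than being folded into this one.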

Summary

Learn what LOLBins are, the threats malicious actors can pose with them, how to detect those threats, and how to prevent them.