This channel discusses:

— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc

Disclaimer:
t.me/APT_Notes/6

Chat Link:
t.me/APT_Notes_PublicChat
LOLBAS WorkFolders.exe

"C:\Windows\System32\WorkFolders.exe" (signed by MS) can be used to run arbitrary executables in the current working directory with the name control.exe. It's like a new rundll32.exe lolbin but for EXEs!

#lolbin #lolbas
LOLBAS Cmdl32.exe

It's like a new certutil.exe but absolutely unheard of by any antivirus software!
"C:\Windows\System32\Cmdl32.exe" (signed by MS) is for you.

#lolbin #lolbas
LOLBIN(s): mpiexec.exe & smpd.exe

Path:
C:\Program Files\Microsoft MPI\Bin

mpiexec.exe spawns smpd.exe which then spawns an executable.

Usage:
mpiexec.exe -n 1 c:\path\to\binary.exe

#lolbin #mpiexec #redteam
LOLBIN — wlrmdr

Action on click:
wlrmdr.exe -s 60000 -f 1 -t "Important" -m "Click this dude!" -a 10 -u cmd

You can use "-a 11" to skip the click requirement and spawn your process immediately:
wlrmdr -s 0 -f 0 -t 0 -m 0 -a 11 -u cmd

#windows #wlrmdr #lolbin #lolbas
LOLBIN to dump LSASS

Path:
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Extensions\TestPlatform\Extensions

Binary:
DumpMinitool.exe

#lolbin #lsass #dump