top of page


Living Off The Land Binaries, Scripts and Libraries

Asset 6.png

As a leading cyber research company, always on the lookout the help our customers bolster their cyber defenses. White Hat is a major contributor to the LOLAB project.

Just added to the #LOLBAS project: use desk.cpl to proxy the execution of arbitrary executables, as long as they use a .SCR extension.

White Hat for community

In service to community and our clients​

Almost 40 files that will execute calculator. make your own pull request for new files.

A new type of ransomware has been identified, the Agenda ransomware.

In this blog, we will examine what DCOM and ActiveX are, how they work, and the potential security risks associated with using them to run commands remotely through Internet Explorer.

This blog will show you how seeing a specific attack path in a GitHub commit led us to find Proxy Execution capability in a wide array of binaries, which could allow attackers to execute any binary, bypass defenses, and potentially even gain an initial access as part of a weaponized malware in red team operations.

Asset 5.png
bottom of page