LOLBAS

Living Off The Land Binaries, Scripts and Libraries

As a leading cyber research company, always on the lookout the help our customers bolster their cyber defenses. White Hat is a major contributor to the LOLAB project.

Proxy Execution

Just added to the #LOLBAS project: use desk.cpl to proxy the execution of arbitrary executables, as long as they use a .SCR extension.

ILASM

A sneak peak from White Hat's research team's daily research outcomes - cool Living Of The Land attack methods:

White Hat for community

White Hat's publications

In service to community and our clients

Initial Access Attachment

Almost 40 files that will execute calculator. make your own pull request for new files.

Agenda Malware Analysis

A new type of ransomware has been identified, the Agenda ransomware.

Lateral movement using Internet Explorer DCOM object and StdRegProv

In this blog, we will examine what DCOM and ActiveX are, how they work, and the potential security risks associated with using them to run commands remotely through Internet Explorer.

This blog will show you how seeing a specific attack path in a GitHub commit led us to find Proxy Execution capability in a wide array of binaries, which could allow attackers to execute any binary, bypass defenses, and potentially even gain an initial access as part of a weaponized malware in red team operations.