Of LoLBins, 0-Days, ESET, and Microsoft Defender
<blockquote data-quote="ForgottenSeer 109138" data-source="post: 1083502"><p>LOLBAS</p><p></p><p>Lists of LOLBins and Scripts that can be abused with download and execute functionality.</p><p></p><p>Sftp</p><p>Presentationhost</p><p>Configuresecuritypolicy</p><p>MSHta</p><p>MSPub</p><p>Sftp</p><p>Protocolhandler</p><p>Installutil</p><p>MsoHtmEd</p><p>Outlook</p><p>MSAccess</p><p></p><p>Of these there are 3 that draw attention immediately: Outlook, MSPub, and MSAccess.</p><p></p><p>Outlook.exe is the executable file that launches the Microsoft Outlook email management program.</p><p></p><p>MSPub.exe is the executable name for Microsoft Publisher, and launches its application.</p><p></p><p>MSAccess.exe is a legitimate executable file that allows users to access Microsoft Access.</p><p></p><p>If we apply the theory that it can be exploited to download and execute malicious items on the desktop, therefore it should be detected and blocked, this might cause issues for these very legit tools, would it not? Are vendors supposed to irritate their customers with blocks of these because they can be abused, or find ways to examine the contents of the third party files or payloads as well as monitor behavioral actions post execution?</p></blockquote><p></p>
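The trade-off raised in the quoted post, as an added example that is not part of the original thread or any vendor's product: it runs a block-by-name policy and a behavior-based policy over the same constructed process-creation events for Outlook, MSPub and MSAccess. The event field names, the script-host list and both rules are assumptions made for illustration.

```python
import re

# Binaries the quoted post singles out; image names are compared lower-cased.
WATCHED = {"outlook.exe", "mspub.exe", "msaccess.exe"}
# Assumption: script hosts that are unusual children of those applications.
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
REMOTE_URL = re.compile(r"\b(?:https?|ftp)://", re.IGNORECASE)

def image_name(path):
    """Return the lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def block_by_name(event):
    """Policy A: block every launch of a watched binary."""
    return image_name(event["image"]) in WATCHED

def flag_by_behavior(event):
    """Policy B: list the reasons this launch looks abused (empty if none)."""
    image, parent = image_name(event["image"]), image_name(event["parent"])
    reasons = []
    if image in WATCHED and REMOTE_URL.search(event["cmdline"]):
        reasons.append("remote URL on command line")
    if parent in WATCHED and image in SCRIPT_HOSTS:
        reasons.append("script host spawned by " + parent)
    return reasons

# Constructed events with hypothetical field names; these are not real logs.
EVENTS = [
    {"id": 1, "benign": True, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "cmdline": "OUTLOOK.EXE"},
    {"id": 2, "benign": True, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\MSACCESS.EXE",
     "cmdline": r'MSACCESS.EXE "C:\Users\a\Documents\inventory.accdb"'},
    {"id": 3, "benign": False, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE",
     "cmdline": "MSPUB.EXE https://example.invalid/placeholder"},
    {"id": 4, "benign": False,
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe"},
]

def compare(events):
    """Return (benign ids blocked by A, ids flagged by B, non-benign ids A misses)."""
    a_false = [e["id"] for e in events if e["benign"] and block_by_name(e)]
    b_flag = [e["id"] for e in events if flag_by_behavior(e)]
    a_miss = [e["id"] for e in events if not e["benign"] and not block_by_name(e)]
    return a_false, b_flag, a_miss

if __name__ == "__main__":
    print(compare(EVENTS))
```

On this sample the name-based policy blocks both ordinary launches and misses the child process, while the behavior rules flag only the two constructed abuse cases.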