An information security construct whereas compiled code (often times signed) executes compiled code (often times malicious) in a manner that is not intended by the original programmers but yet is not a real security vulnerability. LOLBins typically have no material value outside of infosec twitter, you can't sell them, you can't feed your family, nor can you own a network with them outright. Sometimes LOLBins bypass lame-ass whitelisting and AV solutions - but you have code execution already so it's a chicken and egg problem. Scratch that, more like a why the fuck-am-i-doing-this-if-I'm-already-in-memory problem amirite?
by securityperson May 21, 2018
An information security construct whereas compiled code (often times signed) executes compiled code (often times malicious) in a manner that is not intended by the original programmers but yet is not a real security vulnerability. LOLBins typically have no material value outside of infosec twitter, you can't sell them, you can't feed your family, nor can you own a network with them outright. Sometimes LOLBins bypass lame-ass whitelisting and AV solutions - but you have code execution already so it's a chicken and egg problem. Scratch that, more like a why the fuck-am-i-doing-this-if-I'm-already-in-memory problem amirite?
by securityperson May 21, 2018