An information security construct whereas compiled code (often times signed) executes compiled code (often times malicious) in a manner that is not intended by the original programmers but yet is not a real security vulnerability. LOLBins typically have no material value outside of infosec twitter, you can't sell them, you can't feed your family, nor can you own a network with them outright. Sometimes LOLBins bypass lame-ass whitelisting and AV solutions - but you have code execution already so it's a chicken and egg problem. Scratch that, more like a why the fuck-am-i-doing-this-if-I'm-already-in-memory problem amirite?
by securityperson June 8, 2018
Get the LOLBin mug.An information security construct whereas compiled code (often times signed) executes compiled code (often times malicious) in a manner that is not intended by the original programmers but yet is not a real security vulnerability. LOLBins typically have no material value outside of infosec twitter, you can't sell them, you can't feed your family, nor can you own a network with them outright. Sometimes LOLBins bypass lame-ass whitelisting and AV solutions - but you have code execution already so it's a chicken and egg problem. Scratch that, more like a why the fuck-am-i-doing-this-if-I'm-already-in-memory problem amirite?
by securityperson June 8, 2018
Get the LOLBin mug.