August 03, 2023 BleepingComputer published The list of LOLBAS files - legitimate binaries and scripts present in Windows that can be abused for malicious purposes, will soon include the main executables for Microsoft’s Outlook email client and Access database management system.
The main executable for the Microsoft Publisher application has already been confirmed that it can download payloads from a remote server.
LOLBAS stands for Living-off-the-Land Binaries and Scripts and are typically described as signed files that are either native to the Windows operating system or downloaded from Microsoft.
They are legitimate tools that hackers can abuse during post-exploitation activity to download and/or run payloads without triggering defensive mechanisms. Read More..