You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If the user wants to add the LOLBin, it can be done manually to the FirewallHardening BlockList. However, if the new LOLBin is used in the attacks on non-enterprise users, I can add it to the Hard_Configurator "Block Sponsors" or FirewallHardening BlockList. This can depend on the attack vector.
Based on https://lolbas-project.github.io/, it seems that some LOL Bins can be added to Firewall policy. For example,
https://lolbas-project.github.io/lolbas/Binaries/Cmdl32/
https://lolbas-project.github.io/lolbas/Binaries/ConfigSecurityPolicy/
https://lolbas-project.github.io/lolbas/Binaries/DataSvcUtil/
https://lolbas-project.github.io/lolbas/Binaries/Diantz/
https://lolbas-project.github.io/lolbas/Binaries/Ieexec/
https://lolbas-project.github.io/lolbas/Binaries/IMEWDBLD/
https://lolbas-project.github.io/lolbas/Binaries/Ldifde/
https://lolbas-project.github.io/lolbas/Binaries/PrintBrm/
https://lolbas-project.github.io/lolbas/OtherMSBinaries/MsoHtmEd/
https://lolbas-project.github.io/lolbas/OtherMSBinaries/ProtocolHandler/
https://lolbas-project.github.io/lolbas/OtherMSBinaries/Squirrel/
https://lolbas-project.github.io/lolbas/OtherMSBinaries/Update/
https://lolbas-project.github.io/lolbas/OtherMSBinaries/devtunnels/
https://lolbas-project.github.io/lolbas/OtherMSBinaries/xsd/
...
The text was updated successfully, but these errors were encountered: