bohops
bohops
Receiving the following error on process scanning that should otherwise return a successful result: "Object reference not set to an instance of an object."
Add (and maintain) a list of lolbas file names (e.g. lolbas.txt). Per recommendation from @NathanMcNulty [https://twitter.com/NathanMcNulty/status/1460295942616219649], this could loaded into MDEs/SIEMs for searching and other use cases.
GfxDownloadWrapper.exe is a 3rd party lolbin that is categorized as an OS Binaries. Consider moving to Other Binaries Archive.
'Tamper' is a function that better describes certain lolbin functionality. At least 2 lolbins are noted: - fltmc.exe - fsutil.exe (prospective) There may be others.
E.g. conhost.exe --headless notepad  Ref: https://twitter.com/embee_research/status/1559410767564181504 https://twitter.com/ankit_anubhav/status/1561683123816972288
Investigate methodologies for gaining better insight in and around dynamic assemblies
- Adding other resources for entrypoint patching and threadless injection (veh)