All posts for: LOLBin

Tags
Bypassing Windows 11 Defender with LOLBin: Executing Metasploit Reverse Shell Using Native System Mechanisms
In a recent project, I faced the challenge of bypassing security systems on Windows 11. The system was fully updated and initially ran the ESET antivirus. Despite its apparent effectiveness, it was bypassed using a VBA script executed in Excel. Following project discussions, we requested ESET to be disabled, but instead of simplifying the task, the situation became more complex as Windows Defender, also fully updated, was enabled by default. The previous payload ceased to work, necessitating a new solution. In this case, the use of LOLBins and a mechanism I learned during a SANS training proved to be the key.
Red Team Windows Defender Metasploit LOLBin Bypassing Security MSBuild
Jan 10, 2025 4 min read
Bypassing Windows 11 Defender with LOLBin: Executing Metasploit Reverse Shell Using Native System Mechanisms