The biggest risk with Windows: LOLBINS

About this video

• Video Title: The biggest risk with Windows: LOLBINS
• Channel: PC Security Channel
• Speakers: Leo
• Duration: 00:07:51

Overview

This video explains how attackers can exploit "living off the land binaries" (LOLBins) in Windows to bypass security measures like Windows Defender. It demonstrates how simple commands can disable Defender's scanning capabilities, allowing malware to encrypt files undetected. The video highlights that many built-in Windows tools can be repurposed by attackers for malicious activities, emphasizing the need to monitor system tool usage and overall system communications rather than just looking for traditional malware.

Key takeaways

• Windows Defender Vulnerability: While effective against known threats, Windows Defender can be rendered useless by attackers who add exclusions to scan paths or remove definitions, even if Defender appears to be running.
• LOLBins Explained: Attackers leverage legitimate Windows system binaries (LOLBins) already present on a system to perform malicious actions without introducing new, detectable malware.
• Examples of LOLBins: Tools like Bits Admin, Bit Locker, Certutil, and Scheduled Tasks can be misused by attackers for downloading/executing malware, encrypting files, bypassing security controls, and maintaining persistence.
• Initial Access: Attackers can gain access through social engineering, fake downloads, or exploiting vulnerabilities, and then use LOLBins to conduct further malicious activities.
• Defense Beyond Antivirus: Effective security in 2025 requires monitoring system tool usage and communications, not just relying on traditional antivirus to detect known malware.
• Threat Locker Solution: The video introduces Threat Locker as a potential solution that uses a zero-trust model, ring fencing, and application control to limit what programs and system tools can do, thus mitigating LOLBin attacks.