
LOLBAS Remote Download Cradle Execution Chain

Detects native Windows binaries (certutil, bitsadmin, mshta, regsvr32, cmstp) invoked with arguments indicative of remote download and execution, a key Living Off the Land technique documented in the LOLBAS project for bypassing security controls.
