Hard_Configurator - Windows Hardening Configurator
<blockquote data-quote="Andy Ful" data-source="post: 1032421" data-attributes="member: 32260">
<p>Here we can see a different approach to LOLBins between me and [USER=98186]@Oerlink[/USER].</p>
<p>In my opinion, <strong><span style="color: rgb(184, 49, 47)">blocking LOLBins at home on Windows 10+ can add only a little more security</span></strong>, compared to other H_C features. My concern is that many LOLBins were never properly tested in the home environment. There are many people who use niche or old software/firmware. Microsoft still keeps these LOLBins, so it is reasonable to suspect that they can be (rarely) used by some software, diagnostic tools, etc.</p>
<p></p>
<p><strong>So, blocking LOLBins at home with H_C on Windows 10+ can be used optionally by very experienced users who want to maximize protection. The system is already well protected without blocking LOLBins.</strong></p>
<p>Blocking LOLBins in enterprises is another story (highly recommendable).</p>
<p></p>
<p>People who are not convinced can look at examples (taken from the SWH thread):</p>
<p></p>
<p>Nobelium: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-945840" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>Zloader: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-970934" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>Log4Shell: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-971687" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>GootLoader: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-971785" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>Emotet: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-973099" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>Warzone and AgentTesla: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-973109" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>AsyncRAT: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-973380" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>Shuckworm RATs: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-973847" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>MuddyWater: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-973919" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>SolarMarker: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-973934" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>BazarLoader: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-974122" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>PPAM attack: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-974196" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>HTML ---> ISO ---> scripts: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-975059" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>Hermetic Wiper: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-976772" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>Asylum Ambuscade spear-phishing: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-977598" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>Qakbot: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-978585" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>Vidar infostealer: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-980775" target="_blank">Q&A - Simple Windows Hardening</a> <strong>(RunBySmartscreen) <----- attack blocked by H_C</strong></p>
<p>Emotet: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-985880" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>IcedID (Cobalt Strike, Quantum ransomware): <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-985951" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>Fileless RAT (CHM file): <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/page-25#post-988985" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>SocGholish: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-989692" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>TA551 phishing campaigns: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-989778" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>GuLoader: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-989993" target="_blank">Q&A - Simple Windows Hardening</a> <strong>(RunBySmartscreen) <----- attack blocked by H_C</strong></p>
<p>Follina exploit: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-992545" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>AstraLocker 2.0: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-995210" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>Raspberry Robin worm: <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-995348" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>Magniber (CPL variant): <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-998128" target="_blank">Q&A - Simple Windows Hardening</a></p>
<p>Batloader (MSI <em>PowerShellScriptInline</em> custom action): <a href="https://malwaretips.com/threads/simple-windows-hardening.102265/post-1014030" target="_blank">Question - Simple Windows Hardening</a></p>
</blockquote>
<p></p>
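<p>The post's objection to blocking LOLBins at home is that nobody knows which of them a given machine's niche or old software actually calls. The practical check before enabling such a block is to audit real process-creation telemetry for those binaries. The script below is an added example written for this page; it is not Hard_Configurator code and not part of Andy Ful's post. It assumes three things that the page does not state: the LOLBin list is an illustrative subset chosen here (H_C's own list may differ), live data comes from Security event 4688, which only exists if "Audit Process Creation" is enabled, and the sample records at the bottom are constructed so the report runs offline.</p>

```powershell
# Added example: audit which LOLBins have actually been launched on a machine,
# with their parent processes, before deciding to block them with an SRP-style
# policy. Not from Hard_Configurator or the quoted post.

# Illustrative subset of LOLBins (assumption: not H_C's block list).
$LolBins = @(
    'mshta.exe', 'wscript.exe', 'cscript.exe', 'regsvr32.exe', 'rundll32.exe',
    'certutil.exe', 'bitsadmin.exe', 'msiexec.exe', 'cmstp.exe', 'hh.exe',
    'control.exe', 'wmic.exe', 'powershell.exe'
)

# Pull process-creation records from Security event 4688 by field name
# (robust to property ordering). Requires an elevated shell and
#   auditpol /set /subcategory:"Process Creation" /success:enable
# to have been in effect for the period being audited.
function Get-ProcessCreationRecords {
    param([int]$Days = 30)
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction Stop | ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            TimeCreated       = $_.TimeCreated
            NewProcessName    = ($data | Where-Object Name -eq 'NewProcessName').'#text'
            ParentProcessName = ($data | Where-Object Name -eq 'ParentProcessName').'#text'
        }
    }
}

# Summarize launches of watched binaries: how often, by which parents, and when last.
# A LOLBin that appears here with a legitimate parent (an installer, a driver
# utility, a vendor updater) is one that a block rule would break.
function Get-LolBinLaunches {
    param(
        [Parameter(Mandatory)] [object[]] $Records,   # TimeCreated / NewProcessName / ParentProcessName
        [string[]] $Watch = $LolBins
    )
    $Records |
        Where-Object { $_.NewProcessName -and $Watch -contains ([IO.Path]::GetFileName($_.NewProcessName)).ToLower() } |
        Group-Object { ([IO.Path]::GetFileName($_.NewProcessName)).ToLower() } |
        ForEach-Object {
            [pscustomobject]@{
                LolBin  = $_.Name
                Count   = $_.Count
                Parents = ($_.Group.ParentProcessName | Sort-Object -Unique) -join '; '
                Last    = ($_.Group.TimeCreated | Sort-Object | Select-Object -Last 1)
            }
        } | Sort-Object Count -Descending
}

# Constructed sample records (not real telemetry) so the report runs offline.
$Sample = @(
    [pscustomobject]@{ TimeCreated = (Get-Date '2024-01-10 09:00'); NewProcessName = 'C:\Windows\System32\rundll32.exe';  ParentProcessName = 'C:\Windows\explorer.exe' },
    [pscustomobject]@{ TimeCreated = (Get-Date '2024-01-11 18:30'); NewProcessName = 'C:\Windows\System32\rundll32.exe';  ParentProcessName = 'C:\Program Files\OldScanner\setup.exe' },
    [pscustomobject]@{ TimeCreated = (Get-Date '2024-01-12 12:05'); NewProcessName = 'C:\Windows\System32\msiexec.exe';   ParentProcessName = 'C:\Users\home\Downloads\printer-driver.exe' },
    [pscustomobject]@{ TimeCreated = (Get-Date '2024-01-13 08:15'); NewProcessName = 'C:\Windows\System32\mshta.exe';     ParentProcessName = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE' },
    [pscustomobject]@{ TimeCreated = (Get-Date '2024-01-13 08:16'); NewProcessName = 'C:\Windows\System32\notepad.exe';   ParentProcessName = 'C:\Windows\explorer.exe' }
)

Get-LolBinLaunches -Records $Sample | Format-Table -AutoSize

# Live run on the machine being assessed (see audit requirement above):
# Get-LolBinLaunches -Records (Get-ProcessCreationRecords -Days 30) | Format-Table -AutoSize
```

<p>Read the output for parents, not just counts: rundll32.exe launched by explorer.exe is normal desktop activity, while msiexec.exe launched by a downloaded driver installer is exactly the kind of rarely exercised, legitimate use the post warns about. An mshta.exe child of WINWORD.EXE in the sample shows the other side of the argument, the Office-to-script chain that most of the linked SWH examples rely on. If the audit is empty because process-creation auditing was off, enable it and wait a few weeks of normal use before drawing conclusions.</p>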