LOLSpoof is a an interactive shell program that automatically spoof the command line arguments of the spawned process. Just call your incriminate-looking command line LOLBin (e.g. powershell -w hidden -enc ZwBlAHQALQBwAHIAbwBjAGUA....) and LOLSpoof will ensure that the process creation telemetry appears legitimate and clear.
Process command line is a very monitored telemetry, being thoroughly inspected by AV/EDRs, SOC analysts or threat hunters.
lolbin.exe " " * sizeof(real arguments)Although this simple technique helps to bypass command line detection, it may introduce other suspicious telemetry:
Ubuntu 20.04 LTS (code name Focal Fossa) was released on April 23, 2020. It is a…
Google Chrome is the most widely used web browser in the world. It is fast, secure,…
Java is one of the most widely used programming languages in the world. It runs on…
Raspberry Pi is the most popular single-board computer ever made. It is small, affordable, and surprisingly…
pip is Python's package manager. It lets you search, download, and install packages from the Python Package…
MySQL is the most popular open-source relational database management system. It is fast, reliable, and a…