Exploring LOLBINs

Sep 30, 2025

Keeping it Simple: Living-Off-The-Land Binaries (LOLBINs) are built-in Windows executables that attackers abuse or manipulate to perform malicious activities, rather than their original intent.

For analysts, it is common to see executables like powershell.exe or explorer.exe abused.

If you are interested in seeing examples, see my favorite resources:

‹ Exploring DLL Injection

Exploring Rootkits ›

Create a free website with Framer, the website builder loved by startups, designers and agencies.