[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-31726":3,"doc-seo-31726":27},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"file_id":15,"file_url":16,"file_type":17,"file_size":18,"view_count":19,"is_deleted":4,"is_public":19,"is_downloadable":19,"audit_status":19,"page_count":20,"language":21,"language_code":22,"table_of_contents":23,"faqs":24,"seo_title":13,"seo_description":14,"update_tm":25,"read_time":26},31726,962075114101,"Seraphina","https://ap-avatar.wpscdn.com/avatar/e000253a75eb197efd?x-image-process=image/resize,m_fixed,w_180,h_180&k=1780044092746381165",8,"Research & Report","Trusted Yet Disguised: Analysing the Subversive Role of LOLBins in Contemporary Cyber Threats","Advanced detection and next-generation defenses have increased adversary sophistication, leading malware authors to craft disguised payloads that resemble benign behavior. A key enabler is the abuse of Windows signed executables and libraries (LOLBins), trusted because they are digitally signed by Microsoft. The study dynamically analyzes five distinct cyber attacks to measure LOLBin ubiquity and role, observing ~51% usage across ransomware, cryptominers, APTs, information stealers, and RATs/trojans, with ransomware and miners showing higher LOLBin diversity.","cbCaijc2Yj5Xbwha","https://ap.wps.com/l/cbCaijc2Yj5Xbwha","pdf",3890833,1,10,"English","en","# Introduction\n## Fileless threats and their variants\n## Abuse of Windows signed binaries (LOLBins)\n## Research objectives and approach","[{\"question\":\"Why do LOLBins help attackers evade defenses in Windows environments?\",\"answer\":\"LOLBins are trusted Windows signed executables and libraries digitally signed by Microsoft. This trust makes antivirus and IDS less likely to flag them as malicious.\"},{\"question\":\"How was LOLBin usage evaluated in the research?\",\"answer\":\"The work uses dynamic analysis to examine the presence and roles of LOLBins across five distinct cyber attacks, assessing ubiquity and how these binaries contribute to malicious objectives.\"},{\"question\":\"What roles do the same LOLBins play across different attack variants?\",\"answer\":\"The analysis identifies distinct roles for the same LOLBins in variants, including evading defense strategies, downloading payloads, and providing stealth.\"}]",1780002135,25,{"code":4,"msg":28,"data":29},"ok",{"site_id":30,"language":22,"slug":31,"title":13,"keywords":32,"description":14,"schema_data":33,"social_meta":85,"head_meta":87,"extra_data":89,"updated_unix":25},105,"trusted-yet-disguised-analysing-the-subversive-role-of-lolbins-in-contemporary-cyber-threats","",{"@graph":34,"@context":84},[35,52,67],{"@type":36,"itemListElement":37},"BreadcrumbList",[38,42,46,49],{"item":39,"name":40,"@type":41,"position":19},"https://docshare.wps.com","Home","ListItem",{"item":43,"name":44,"@type":41,"position":45},"https://docshare.wps.com/document/","Document",2,{"item":47,"name":12,"@type":41,"position":48},"https://docshare.wps.com/document/research-report/",3,{"item":50,"name":13,"@type":41,"position":51},"https://docshare.wps.com/document/trusted-yet-disguised-analysing-the-subversive-role-of-lolbins-in-contemporary-cyber-threats/31726/",4,{"url":50,"name":13,"@type":53,"author":54,"headline":13,"publisher":56,"fileFormat":59,"description":14,"dateModified":60,"datePublished":61,"encodingFormat":59,"isAccessibleForFree":62,"interactionStatistic":63},"DigitalDocument",{"name":9,"@type":55},"Person",{"url":39,"name":57,"@type":58},"DocShare","Organization","application/pdf","2026-05-29","2026-05-28",true,{"@type":64,"interactionType":65,"userInteractionCount":19},"InteractionCounter",{"@type":66},"ViewAction",{"@type":68,"mainEntity":69},"FAQPage",[70,76,80],{"name":71,"@type":72,"acceptedAnswer":73},"Why do LOLBins help attackers evade defenses in Windows environments?","Question",{"text":74,"@type":75},"LOLBins are trusted Windows signed executables and libraries digitally signed by Microsoft. This trust makes antivirus and IDS less likely to flag them as malicious.","Answer",{"name":77,"@type":72,"acceptedAnswer":78},"How was LOLBin usage evaluated in the research?",{"text":79,"@type":75},"The work uses dynamic analysis to examine the presence and roles of LOLBins across five distinct cyber attacks, assessing ubiquity and how these binaries contribute to malicious objectives.",{"name":81,"@type":72,"acceptedAnswer":82},"What roles do the same LOLBins play across different attack variants?",{"text":83,"@type":75},"The analysis identifies distinct roles for the same LOLBins in variants, including evading defense strategies, downloading payloads, and providing stealth.","https://schema.org",{"og:url":50,"og:type":86,"og:title":13,"og:site_name":57,"og:description":14},"article",{"robots":88,"canonical":50},"index,follow",{"doc_id":7,"site_id":30}]