GET /api/techniques/123/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 123,
"key": "lolbins",
"unprotect_id": "U1004",
"name": "LOLbins",
"description": "A lolbin (short for \"Living Off the Land Binaries\") is a legitimate Windows utility that can be used by adversaries to execute arbitrary commands. Various Windows utilities may be used to execute commands, possibly without invoking cmd. For example, the Program Compatibility Assistant (pcalua.exe) and components of the Windows Subsystem for Linux (WSL) are examples of lolbins that can be used for this purpose.\r\n\r\nAdversaries may abuse these utilities for Defense Evasion, specifically to perform arbitrary execution while subverting detections and/or mitigation controls (such as Group Policy) that limit/prevent the usage of cmd.",
"resources": "https://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599\nhttps://lolbas-project.github.io/",
"creation_date": "2019-03-23T17:37:57Z",
"tags": "lolbin,\r\nWindows utilities,\r\nexecute commands,\r\nProgram Compatibility Assistant (pcalua.exe),\r\nWindows Subsystem for Linux (WSL),\r\nCommand-Line Interface,",
"modification_date": "2023-10-04T10:44:58.518000Z",
"category": [
14
],
"rules": [],
"attachments": [],
"featured_api": [],
"contributors": []
}
