Security Living off the Land: Abusing LOLBAS Binaries on Windows
How attackers abuse certutil, bitsadmin, mshta, regsvr32 and rundll32 to download, execute and evade — plus blue-team detection.
Security Engineer's blog on Active Directory, Malware Analysis, and Offensive Security.
