LOLBINed — F-Secure Support Tool (FSDIAG)


Introduction

Freedom VPN

Hello FSDIAG
Procmon Trace
Screenshot from “basic.ini”
run "%SYSTEM32%\ipconfig.exe" "/all" lolbin\ipconfig.log
Ipconfig Executed
Maybe silent mode?
Maybe control output?
  • Download “FreedomVPN” and install it (or any other F-Secure product that ships with the tool).
  • Copy “fsdiag.exe” from the install folder to a location of your choosing.
  • Create a “.ini” file with whatever name you like (for example “lolbin.ini”) and insert any command following the same schema as the files mentioned above.
run "%SYSTEM32%\whoami.exe" "/all" lolbin\whoami.log
  • Open an admin prompt and execute the following command (the “out” argument points to the results file).
fsdiag.exe --silent lolbin.ini --out results.zip
  • Now enjoy your free signed LOLBIN… I guess.
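For defenders, the steps above leave recognisable traces in process-creation telemetry. The following is an added detection example, not code from the original article or from F-Secure: it flags fsdiag.exe running outside its install folder, with a caller-supplied .ini or in silent mode, and lists the `run` directives in a recovered .ini. It assumes Sysmon Event ID 1 field names, that commands launched by the tool appear as its child processes, and a placeholder `INSTALL_DIR`; the sample events are constructed.

```python
import ntpath
import re

# Placeholder (assumption): set to the real F-Secure install folder in your environment.
INSTALL_DIR = r"C:\PLACEHOLDER_FSECURE_INSTALL_DIR"

# Directive shape shown on the page: run "<exe>" "<args>" <output file>
RUN_RE = re.compile(r'^\s*run\s+"([^"]+)"\s+"([^"]*)"\s+(\S+)\s*$', re.IGNORECASE)
# Any command-line token ending in .ini (quoted or not)
INI_RE = re.compile(r'(?:^|\s)"?([^\s"]+\.ini)"?(?=\s|$)', re.IGNORECASE)


def parse_run_directives(ini_text):
    """Return (executable, arguments, output_file) for every run line in an .ini."""
    return [m.groups() for m in map(RUN_RE.match, ini_text.splitlines()) if m]


def triage(event):
    """Return the reasons a process-creation event deserves a look (empty if none)."""
    reasons = []
    image = event["Image"]
    cmdline = event["CommandLine"]
    if ntpath.basename(image).lower() == "fsdiag.exe":
        if not image.lower().startswith(INSTALL_DIR.lower() + "\\"):
            reasons.append("fsdiag.exe running outside install folder")
        ini = INI_RE.search(cmdline)
        if ini:
            reasons.append("caller-supplied config: " + ini.group(1))
        if "--silent" in cmdline.lower():
            reasons.append("silent mode")
    if ntpath.basename(event.get("ParentImage", "")).lower() == "fsdiag.exe":
        reasons.append("child of fsdiag.exe: " + ntpath.basename(image))
    return reasons


# Constructed sample events (not real telemetry), Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Desktop\fsdiag.exe",
     "CommandLine": "fsdiag.exe --silent lolbin.ini --out results.zip",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\whoami.exe",
     "CommandLine": r'"C:\Windows\System32\whoami.exe" /all',
     "ParentImage": r"C:\Users\alice\Desktop\fsdiag.exe"},
    {"Image": r"C:\Windows\System32\ipconfig.exe",
     "CommandLine": "ipconfig /all",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["Image"], "->", triage(ev) or "ok")
```

The .ini heuristic will also match the tool's own configuration files if they are passed on the command line, so treat it as a triage signal to combine with the path and silent-mode checks.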
Results

Conclusion

Nasreddine Bencherchali

I write about #ThreatHunting #WindowsInternals #Malware #DFIR and occasionally #Python.