https://hackingpassion.com/tags/lolbin/Recent content in Lolbin on HackingPassion.com : root@HackingPassion.com-[~]HugoenTue, 14 Apr 2026 12:06:26 +0200https://hackingpassion.com/msbuild-lolbin-fileless-attack/Tue, 14 Apr 2026 12:06:26 +0200https://hackingpassion.com/msbuild-lolbin-fileless-attack/<p><strong>MSBuild.exe</strong> is a <strong>LOLBin</strong>, a legitimate Windows tool being abused to run malware on fully patched machines without dropping a single file on disk, and Windows Defender does not raise an alert because MSBuild.exe carries Microsoft&rsquo;s own digital signature and many security tools treat it as trusted by default. There is no patch coming because nothing here is broken. MSBuild.exe is doing exactly what Microsoft designed it to do. 😏</p> <p><code>MSBuild.exe</code>, the Microsoft Build Engine, has been part of the .NET Framework and Visual Studio for years. Software developers use it to compile and build applications from XML-based project files. Because Microsoft built it and signed it, Windows trusts it completely. AppLocker trusts it. Windows Defender Application Control trusts it. Most endpoint security solutions wave it through without a second look, because as far as they are concerned, it is a legitimate Microsoft tool doing its job.</p>