Windows
Bash.exeBash.exe
Platform
Windows
Abuse functions
5
Mapped techniques
2
Description
Bash.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Execute, AWL Bypass. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218. Defenders should monitor execution of Bash.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.
Abuse functions· 5
ExecuteT1202
Performs execution of specified file, can be used as a defensive evasion.
ExecuteT1202
Performs execution of specified file, can be used as a defensive evasion.
ExecuteT1202
Performs execution of specified file, can be used as a defensive evasion.
AWL BypassT1202
Performs execution of specified file, can be used to bypass Application Whitelisting.
ExecuteT1218
Execute a payload as a child process of `bash.exe` while masquerading as WSL.
MITRE ATT&CK techniques· 2
Uses2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | System Binary Proxy Executiont1218 | 100% | live |
| Technique | Indirect Command Executiont1202 | 100% | live |
Abuses1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | System Binary Proxy Executiont1218 | 85% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.