Windows

Dotnet.exeDotnet.exe

Platform
Windows
Abuse functions
4
Mapped techniques
2

Description

Dotnet.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: AWL Bypass, Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218. Defenders should monitor execution of Dotnet.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 4

AWL BypassT1218

Execute code bypassing AWL

ExecuteT1218

Execute DLL

ExecuteT1059

Execute arbitrary F# code

AWL BypassT1218

Execute code bypassing AWL

MITRE ATT&CK techniques· 2

T1218T1059

Uses2

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont1218100%live
TechniqueCommand and Scripting Interpretert1059100%live

Abuses1

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont121885%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
dotnet
LOLbin
Aspnet_Compiler.exe
LOLbin
wt.exe
LOLbin
dnx.exe
LOLbin
Msdt.exe
LOLbin
Bash.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.