Tagged articles
2 articles
Black & White Path
May 10, 2026 · Information Security

Bypassing Traditional WMIExec Detection with a File‑less WMI Lateral Movement Technique

The article dissects a stealthy, file‑less WMI lateral movement method that avoids the obvious Win32_Process.Create signature by hijacking stopped LocalSystem services, leveraging the LOLBIN ScriptRunner.exe to execute remote SMB scripts, automatically restoring the service and leaving minimal forensic traces.

Detection Evasion · Fileless Attack · LOLBIN
7 min read
Black & White Path
Mar 14, 2026 · Information Security

Godzilla Reflection AES Plugin with Data‑Flow Break: A Webshell Generator that Evades Detection

The article introduces VeilShell, a Godzilla‑based reflection AES encryptor combined with a Data‑Flow Break and dynamic callback technique to generate PHP webshells, presents detailed evasion test results against Changting, Alibaba and VirusTotal scanners, and provides performance metrics and a GitHub link for acquisition.

AES encryption · Data-Flow Break · Detection Evasion
3 min read