Close Menu
TechurzTechurz
    What's Hot

    AI law startup Norm raises $120M, hits unicorn valuation

    July 7, 2026

    This startup pits dealerships against each other to bid on your used car

    July 7, 2026

    Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom

    July 7, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • AI law startup Norm raises $120M, hits unicorn valuation
    • This startup pits dealerships against each other to bid on your used car
    • Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom
    • Station F ramps up as a launchpad for Europe’s hottest AI startups
    • Smart glasses maker Even Realities hits $1B valuation with $150M funding led by Meituan, Tencent
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - Guides - Cybercriminals love this ancient Windows tool, but a little-known CLI utility is their new secret weapon
    Guides

    Cybercriminals love this ancient Windows tool, but a little-known CLI utility is their new secret weapon

    TechurzBy TechurzJune 7, 2025Updated:May 12, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Malware attack virus alert , malicious software infection , cyber security awareness training to protect business
    Share
    Facebook Twitter LinkedIn Pinterest Email


    • Netsh.exe is the most abused Windows tool, and it still hides in plain sight
    • PowerShell shows up on 73% of endpoints, not just in admin hands
    • WMIC’s surprising comeback shows attackers favor tools no one’s watching anymore

    A new analysis of 700,000 security incidents has revealed just how extensively cybercriminals exploit trusted Microsoft tools to breach systems undetected.

    While the trend of attackers using native utilities, known as Living off the Land (LOTL) tactics, is not new, the latest data from Bitdefender’s GravityZone platform suggests it’s even more widespread than previously believed.

    A staggering 84% of high-severity attacks involved the use of legitimate system binaries already present on machines. This undermines the effectiveness of conventional defenses, even those marketed as the best antivirus or best malware protection.


    You may like

    Some of the tools most commonly abused will be very familiar to system administrators, including powershell.exe and wscript.exe.

    However, one tool unexpectedly emerged at the top: netsh.exe. A command-line utility for managing network configuration, netsh.exe was found in a third of major attacks – and while it is still used for firewall and interface management, its frequent appearance in attack chains suggests its potential for misuse is underestimated.

    PowerShell remains a key component of both legitimate operations and malicious activity – although 96% of organizations use PowerShell, it was found running on 73% of endpoints, well beyond the scope of what would be expected from administrative use alone.

    Bitdefender found, “third-party applications running PowerShell code without a visible interface” were a common cause.

    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

    This dual-use nature makes detection difficult, especially for tools not backed by behavior-aware engines.

    It raises questions about whether the best EPP solutions are adequately tuned to account for this blurred line between normal and nefarious use.

    Another surprising finding was the continued use of wmic.exe, a tool that Microsoft has deprecated.

    Despite its age, the analysis shows it is still widely present in environments, often invoked by software seeking system information. It is particularly attractive when attackers are trying to blend in because of its legitimate appearance.

    To tackle this issue, Bitdefender developed PHASR (Proactive Hardening and Attack Surface Reduction). This tool employs a targeted approach that goes beyond simply disabling tools.

    “PHASR goes beyond blocking entire tools, it also monitors and stops the specific actions attackers use within them,” the company said.

    Still, this approach is not without trade-offs. The fundamental dilemma, “can’t live with them, can’t live without them”, remains unresolved.

    You might also like

    Ancient CLI Cybercriminals littleknown love secret Tool utility weapon Windows
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleMonument Valley 3 launches on console and PC on July 22
    Next Article Andorra vs. England: Livestream World Cup 2026 Qualifier Soccer Free From Anywhere
    Techurz
    • Website

    Related Posts

    Opinion

    Littlebird raises $11M for its AI-assisted ‘recall’ tool that reads your computer screen

    March 23, 2026
    Opinion

    Why Garry Tan’s Claude Code setup has gotten so much love, and hate

    March 17, 2026
    Opinion

    Former GitHub CEO raises record $60M dev tool seed round at $300M valuation

    February 10, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    12 Father’s Day E-Card Sites That Are Actually Good

    June 4, 202523

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.