Responding to incidents where adversaries bypassed AV by using only built-in OS tools. Do not use for blocking all LOLBin execution outright; these are legitimate system tools with valid administrative ...