Wildcard command obfuscation lets attackers evade static detections, pushing security teams toward AI‑enhanced analytics and updated rule sets to counter modern living‑off‑the‑land attack vectors.
The video introduces LOLGlobs, a community‑driven repository that catalogs wildcard‑based command‑line obfuscation techniques for Linux, macOS, Windows CMD, and PowerShell. Originating from a security‑operations Slack channel and authored by HexV1N at ReliaQuest, the project builds on earlier efforts like Argfuscator and the broader “living‑off‑the‑land” (LOL) ecosystem, providing a searchable API for analysts to explore evasion patterns.
Key insights include the prevalence of command obfuscation as a top detection‑evasion tactic, the use of asterisks and question marks to mask critical binaries, and the seamless integration of these tricks with native OS utilities such as where.exe, for‑loops, and PowerShell aliases like IWR and IEX. The presenter demonstrates a full attack chain: hosting a benign payload on Pastebin, shortening the URL, then invoking it via a heavily obfuscated PowerShell command that never reveals the literal Invoke‑WebRequest or Invoke‑RestMethod strings.
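As an added defender‑side example, not taken from the video or the LOLGlobs project: a small Python checker that separates wildcard characters in a command's program position (where they mask which binary actually runs) from wildcards in its arguments (where they are routine), and resolves a masked name against a watch‑list with fnmatch. The binary list and sample command lines are constructed for illustration; a real deployment would load its own list and feed in process‑creation or script‑block logs.

```python
import fnmatch
import shlex
import re

# Constructed watch-list of binaries worth resolving a wildcard pattern against.
# Illustrative only; load your own list in practice.
KNOWN_BINARIES = [
    "cmd.exe", "powershell.exe", "pwsh.exe", "where.exe",
    "notepad.exe", "explorer.exe", "wscript.exe",
]
GLOB_CHARS = set("*?")


def resolve_wildcard_binary(program: str, known=KNOWN_BINARIES) -> list:
    """Expand a wildcard-masked program name (e.g. 'cm?' or 'pow*.exe')
    against the watch-list. Only the basename is matched; directory
    wildcards like C:\\Wind*\\Sys* are ignored. Returns [] if no glob present."""
    basename = re.split(r"[\\/]", program)[-1].lower()
    if not GLOB_CHARS & set(basename):
        return []
    # Match both 'name.exe' and the bare stem 'name', since Windows appends
    # the extension for the caller (PATHEXT) and attackers omit it.
    return [b for b in known
            if fnmatch.fnmatchcase(b, basename)
            or fnmatch.fnmatchcase(b[:-4], basename)]


def analyze_command(cmdline: str) -> dict:
    """Classify one command line: is the *program itself* wildcard-masked?"""
    try:
        # posix=False keeps Windows backslashes and quoted paths intact.
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quotes: fall back to a whitespace split
        tokens = cmdline.split()
    program = tokens[0].strip('"') if tokens else ""
    return {
        "program": program,
        # Wildcards in the program position are the signal; in arguments
        # (dir *.txt, where *.dll) they are normal and not flagged on their own.
        "wildcard_in_program": bool(GLOB_CHARS & set(program)),
        "wildcard_in_arguments": any(GLOB_CHARS & set(t) for t in tokens[1:]),
        "resolves_to": resolve_wildcard_binary(program),
    }


if __name__ == "__main__":
    # Constructed sample process command lines.
    for line in [r"C:\Wind*\Sys*\wher?.exe /r C:\ notepad.exe",
                 r"pow?rshell -nop -c 1+1",
                 r"cmd.exe /c dir *.txt"]:
        print(analyze_command(line))
```

Wildcards in the program position should be rare in legitimate telemetry, so the combination of `wildcard_in_program` and a non‑empty `resolves_to` is a reasonable high‑signal rule, while `wildcard_in_arguments` alone is not.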
Notable examples feature a side‑by‑side comparison with Argfuscator, a deep dive into Windows CMD nuances, and the use of the PolyUploader tool to scatter payloads across obscure file‑hosting services. The speaker also highlights ExaForce’s agentic AI, which combines semantic, behavioral, and knowledge models to parse such complex patterns without the “black‑box” uncertainty of generic LLMs.
The implications are clear: traditional signature‑based detections will miss these wildcard‑driven attacks, prompting SOCs to adopt more context‑aware analytics and AI‑assisted tooling. By centralizing obfuscation techniques, LOLGlobs equips defenders with the intel needed to harden detection rules and automate response, while also underscoring the growing importance of AI platforms like ExaForce in scaling threat‑hunt operations.