> So it seems like a catalogue of (possible?) exploits in commonly-available executables, libraries and scripts that may already be present on a target machine
That is pretty correct, but it is not necessarily an exploit or vulnerability in the binary. More often than not, it is a quirk or a way to use the binary which is unknown/uncommon, but might not appear on a defenders' radar.
We generally try to (ab)use functionality in pre-existing software to avoid security mechanisms (like AppLocker) and detections (like AV/EDR, or rules created by a SOC when analysing execution logs in a SIEM). Often we discover that a target computer has been hardened in some form or fashion, and we have to get "creative" when trying to download, execute or exfiltrate data during security assessments.
That is pretty correct, but it is not necessarily an exploit or vulnerability in the binary. More often than not, it is a quirk or a way to use the binary which is unknown/uncommon, but might not appear on a defenders' radar.
We generally try to (ab)use functionality in pre-existing software to avoid security mechanisms (like AppLocker) and detections (like AV/EDR, or rules created by a SOC when analysing execution logs in a SIEM). Often we discover that a target computer has been hardened in some form or fashion, and we have to get "creative" when trying to download, execute or exfiltrate data during security assessments.