living off the land

Living off the land is a technique employed by threat actors in which they use tools that are already on their victim’s system rather than uploading additional binaries or scripts in order to carry out their objective.

These tools are cataloged as LOLBins or LOLBAS. On Linux and Unix systems, this concept is known as GTFOBins.

Living off the land presents a few challenges to cybersecurity professionals. On the defensive side, it may be used to avoid detection: anti-virus software will typically not quarantine software that belongs to the operating system and has been signed or marked as “goodware”. Living off the land can also be used to bypass application whitelisting/allowlisting.

https://lolbas-project.github.io/