Fighting Living off the Land Attacks – Where they are not
Abstract
This article explores an approach for security analysts to reduce the burden of looking for LOLBINs. Given attackers these days do not place malware in the target environments and instead orchestrate attacks living off the land, the detection of these is a massive undertaking for security analysts. Since the LOLBINs are common day and trusted binaries, the attacker tools are basically inseparable from legitimate daily use tools. Even if there is a known list of LOLBINs, keeping an eye on every use of these for legitimate vs. suspicious use is a daunting task. The devices to look for such behaviors needs to be narrowed down. A different approach for the process of elimination can help identify a narrowed list of devices to focus on when looking for suspicious behaviors of LOLBINs. At minimum, prioritizing the list of devices to go after, with a “red team” mentality can help.
How to Cite This Article
Anand Athavale (2025). Fighting Living off the Land Attacks – Where they are not . International Journal of Multidisciplinary Research and Growth Evaluation (IJMRGE), 6(4), 1437-1440. DOI: https://doi.org/10.54660/.IJMRGE.2025.6.4.1437-1440