Understanding Living Off the Land Binaries (LOLBINs) is essential for recognizing and thwarting the malicious use of native utilities during your investigations.
We will share several important lessons, including:
- A comprehensive overview of commonly observed LOLBIN techniques.
- An exclusive demonstration of various LOLBIN attacks.
- Analysis of a newly discovered log capturing an SQL injection attack that leads to the execution of multiple LOLBINs.
- Mitigation and prevention strategies.
This session will give every security professional the ability to better understand, detect and prevent attacks that rely on LOLBINs.
Resources:
- Presentation Slides
- Links:
  - Blue Cape Security Discord server: https://discord.gg/BcswUDqbWk
  - Symantec Living off the land report: https://docs.broadcom.com/doc/living-off-the-land-turning-your-infrastructure-against-you-en
  - LOLBAS Project: https://lolbas-project.github.io/#
  - FortiClient CVE disclosure: https://fortiguard.fortinet.com/psirt/FG-IR-24-007
  - XP_CMDShell: https://www.mssqltips.com/sqlservertip/1020/enabling-xpcmdshell-in-sql-server/
  - CISA LOLBINs Guidance: https://www.cisa.gov/sites/default/files/2024-02/Joint-Guidance-Identifying-and-Mitigating-LOTL_V3508c.pdf
  - Microsoft Application Policy: https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac