Which term is used to describe the tactic of using legitimate Windows binaries for malicious purposes?

Multiple Choice

Explanation:
Using legitimate Windows binaries to perform malicious actions is described by the term LOLBin. Attackers repurpose trusted system executables—like cmd.exe, powershell.exe, mshta.exe, regsvr32.exe, certutil.exe, and others—to carry out tasks such as downloading payloads, executing commands, or exfiltrating data. Because these tools are legitimate parts of the OS, they can blend in with normal activity, making detection harder unless security monitoring focuses on unusual usage patterns, atypical arguments, or suspicious parent-child process relationships. The expanded form, Living off the Land Binaries, conveys the same idea, but the shorthand LOLBin is the commonly used label for this tactic.
