[SANS Webcast] Dissecting Living off the Land Techniques

To fulfill the needs of system administrators and power users, for decades Microsoft has been releasing Windows tools that provide high-level command-line interfaces to interact with the system: execute scripts, change operating system and user settings, install programs, download or modify files.

Naturally, attackers have also adopted these easy-to-use, Microsoft-provided tools to both make malware development easier, and to bypass security mitigations.

Because such tools aim to provide the widest possible functionality to legitimate users, they often implement unexpected features. With a bit of creativity, these often-half-forgotten features can be used to download files or achieve code execution. Because the tools are signed by Microsoft, they also give the attacker a way to run malicious code through Microsoft-signed binaries without code injection, defeating application whitelisting. Attack techniques that use Microsoft-signed tools in this way are grouped under the umbrella term Living Off the Land (LOL), and the binaries used in such techniques are called LOLBINs.

In this webcast, SANS Analyst Jake Williams and VMRay Sr. Threat Analyst Tamas Boczan will:

Explain which LOLBINs are commonly used in the wild by malware,
Showcase real-world examples of interesting LOL techniques,
Show you how to hunt for attacks that use these techniques and how to defend against them.
