So LOL means “Living off the Land”, which basically means using whatever is on the system instead of bringing your own tools. There are many binaries on both Linux and Windows which you can use and are built into the system to download, execute, etc., and they are also legitimate tools, which makes it less likely for AV, EDR, etc. to detect while also leveraging existing tools. Keeping track of these binaries is a pain, so this nice little website just has everything there, which makes it a lot easier.
I don’t think I explained well, but here are some articles:
https://res.armor.com/resources/threat-intelligence/living-off-the-land-attacks/
https://www.securityhq.com/blog/security-101-lolbins-malware-exploitation/
https://darktrace.com/blog/living-off-the-land-how-hackers-blend-into-your-environment
There is also “Staying off the Land” and “Bring your own Land”. It’s really fascinating.
Ah, that makes perfect sense, thanks! Some EDRs will flag system binaries that are not in the “standard” folder, though. I was trying to chain a few binaries together (not for red teaming or anything like that), and S1 flagged and deleted all of them from my folder. It was very frustrating.
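The “system binary outside its standard folder” check mentioned above is a common detection rule, and it is easy to prototype. The following is an added example written for this thread, not code from any poster or from the linked articles: it takes a small watchlist of well-known Windows system binaries (an assumption, chosen for illustration) together with the directories they are expected to live in, runs it over a few constructed process-creation events, and returns an alert for every watched binary that executed from somewhere else.

```python
"""Flag known system binaries (LOLBin-style) executing from non-standard paths.

Added example for the thread above; the watchlist, expected directories and
sample events are all constructed for illustration.
"""
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List, Optional

# Constructed watchlist: binary name -> directories it normally lives in.
# A real deployment would take this from the EDR's own baseline.
EXPECTED_DIRS: Dict[str, set] = {
    "certutil.exe": {r"C:\Windows\System32", r"C:\Windows\SysWOW64"},
    "mshta.exe": {r"C:\Windows\System32", r"C:\Windows\SysWOW64"},
    "rundll32.exe": {r"C:\Windows\System32", r"C:\Windows\SysWOW64"},
    "regsvr32.exe": {r"C:\Windows\System32", r"C:\Windows\SysWOW64"},
    "bitsadmin.exe": {r"C:\Windows\System32", r"C:\Windows\SysWOW64"},
}

# Constructed process-creation events in the shape a Sysmon/EDR feed might give.
SAMPLE_EVENTS: List[Dict] = [
    {"pid": 4012, "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": "certutil -hashfile report.txt SHA256"},
    {"pid": 4013, "image": r"C:\Users\alice\tools\certutil.exe",
     "cmdline": "certutil -hashfile report.txt SHA256"},
    {"pid": 4014, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad"},
    {"pid": 4015, "image": r"C:\Temp\rundll32.exe",
     "cmdline": "rundll32 helper.dll,Run"},
]


def check_event(event: Dict) -> Optional[Dict]:
    """Return an alert dict if a watched binary ran outside its expected
    directory, otherwise None. Matching is case-insensitive, as NTFS is."""
    path = PureWindowsPath(event["image"])
    name = path.name.lower()
    if name not in EXPECTED_DIRS:
        return None  # not a binary we watch
    parent = str(path.parent).lower()
    allowed = {d.lower() for d in EXPECTED_DIRS[name]}
    if parent in allowed:
        return None  # running from where it belongs
    return {
        "pid": event["pid"],
        "binary": name,
        "path": str(path),
        "cmdline": event["cmdline"],
        "reason": "watched system binary executed outside its standard directory",
    }


def scan(events: Iterable[Dict]) -> List[Dict]:
    """Run check_event over a stream of events and collect the alerts."""
    return [alert for alert in (check_event(e) for e in events) if alert]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"ALERT pid={alert['pid']} {alert['path']}: {alert['reason']}")
```

Run as-is it reports the two copied binaries (pids 4013 and 4015) and stays quiet about the ones in System32. Note the rule keys on the file name only, so a copy that was also renamed would slip past it; a fuller check compares the file hash or PE version information against the known system binary, which is why products that do this tend to catch copies regardless of where they are placed.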
Unfortunately, it is a lot of trial and error.
That makes sense. This may be a loaded question, but do you have any suggestions?