Microsoft recently published a notable list of
applications that are legitimate and yet could be exploited by attackers to bypass
Windows Defender.
These attackers try to slip into organizations' networks
and infect them by bypassing the protection that Defender provides.
The attackers usually make use of living-off-the-land attack tactics,
where they use the victim's operating system features or legitimate network
administration tools to compromise the networks.
The main aim of this project was to understand the
binaries that were being misused by attackers.
Living Off The Land Binaries
Living Off The Land Scripts
Living Off The Land Libraries
Unix Platform Binaries
The whole point of abusing legitimate applications is to stay undetected
and so bypass the security measures of the network.
LOTL tools are simply a way to be as stealthy as possible, and
as damaging as possible, without being easily caught.
The following applications are on the list that Microsoft published,
and Microsoft recommends removing them if they are not in use:
Along with the published list, Microsoft has also strongly
recommended that users download the latest security updates.
In addition, it has also provided the “deny file rules” for
Lateral movement and defense evasion are the most common
ways these legitimate applications are exploited.