All news with #living-off-the-land tag

Stopping Living-off-the-Land Abuse of Trusted Tools

🔒 CrowdStrike highlights how attackers increasingly weaponize trusted software—RMM tools, built-in Windows utilities, and admin binaries—to evade detection and operate within networks. The Falcon platform layers behavioral IOAs, custom controls, and Exposure Management and now adds APEX, a machine-learning model that analyzes command-line syntax, parameters, process lineage, timing, and context to detect LOLbin abuse. APEX is generally available for Windows and aims to raise detection while reducing false positives.

Novel LOTL and File-Based Evasion Techniques Rising

🔍The Q2 2025 HP Wolf Threat Insights Report describes how threat actors are increasingly chaining living‑off‑the‑land (LOTL) tools and abusing uncommon file types to evade detection. Attackers hide final payloads inside images or use tiny SVGs that mimic legitimate interfaces, then execute code via native Windows processes like MSBuild. These methods leverage trusted sites and native binaries to bypass filters and complicate incident response.