In recent years, "Living-Off-The-Land binary (LOLbin)" has become a common term for binaries that are widely used in cyber attacks. Historically, "Living-Off-The-Land" referred to sustaining oneself from the land through farming or hunting. Transferred to the malware and intrusion domain, attackers may leverage files that are already available (i.e., already present on the system or easy to install) to launch attacks and...
From a defender’s point of view, it is crucial to understand these attacks and study their trends in order to be able to react in a timely manner. One evasive tactic that has become popular among both red teams and malware authors is the usage of Living-Off-The-Land (LotL) techniques. By l...
LotL techniques refer to the use of binaries that are already present on systems or are easy to install (e.g., signed, legitimate administration tools) to conduct post-exploitation activity. 2. Living-off-the-land attacks in APTs. Living-off-the-land attacks are not covert techniques; they are publicly documented on the Internet. Many open-source offensive security tools make use of LotL...
Abstract: This article is a systems-analysis piece that uses detailed experiments to analyze the threat and prevalence of Living-Off-The-Land attacks, including their use in APT attacks and demonstrations with sample code. This article is shared from the Huawei Cloud community post "[论文阅读] (21)S&P21 Survivalism: Living-Off-The-Land经典离地攻击" (Paper Reading (21): S&P21 Survivalism: the classic Living-Off-The-Land attack), author: eastmount.
Anecdotal evidence suggests that Living-Off-The-Land (LotL) techniques are among the dominant evasion techniques in many malware attacks. These techniques leverage binaries already present on the system to conduct malicious operations. On this basis, we present the first large-scale, systematic study of malware that uses these techniques on Windows systems.
Malware authors are always looking for ways to keep their malware hidden from the various security vendors, either by devising new techniques or by reusing techniques already employed by other malware authors. The SonicWall threat research team has observed LokiBot being delivered to the victim...