Living Off The Land Binaries Explained | TryHackMe

We covered Living Off The Land Binaries that are frequently used in red team engagements. Living Off The Land Binaries are applications and executable that come pre-installed with the operating system. An example is bitsadmin.exe in Windows operating system and ping in Linux. The LOLBAS project contains all binaries that are categorized as living off the land and GTFO bins is its equivalent for Linux operating systems. This was part of the solution walkthrough of TryHackMe Living Off the Land.

Offensive Security Certified Professional Study Notes and Guide

The Complete Practical Web Application Penetration Testing Course

Highlights

Living Off the Land is a trending term in the red team community. The name is taken from real-life, living by eating the available food on the land. Similarly, adversaries and malware creators take advantage of a target computer’s built-in tools and utilities.

The following are some categories that Living Off the Land encompasses:

• Reconnaissance
• Files operations
• Arbitrary code execution
• Lateral movement
• Security product bypass

Another example is LOLBAS which stands for Living Off the Land Binaries And Scripts and whose goal is to gather and document the Microsoft-signed and built-in tools used as Living Off the Land techniques, including binaries, scripts, and libraries.

Additional resources

• GTFOBins — The Linux version of the LOLBAS project.
• Astaroth: Banking Trojan — A real-life malware analysis where they showcase using the Living Off the Land technique used by Malware.

Room Answers

Room answers can be found here.

Video Walkthrough