Which term is used to describe the tactic of using legitimate Windows binaries for malicious purposes?

Prepare for the SANS FOR508 Exam. Use flashcards and multiple-choice questions, each with hints and explanations. Maximize your readiness for the test!

Multiple Choice

Which term is used to describe the tactic of using legitimate Windows binaries for malicious purposes?

Explanation:
Using legitimate Windows binaries to perform malicious actions is described by the term LOLBin. Attackers repurpose trusted system executables—like cmd.exe, powershell.exe, mshta.exe, regsvr32.exe, certutil.exe, and others—to carry out tasks such as downloading payloads, executing commands, or exfiltrating data. Because these tools are legitimate parts of the OS, they can blend in with normal activity, making detection harder unless security monitoring focuses on unusual usage patterns, atypical arguments, or suspicious parent-child process relationships. The expanded form, Living off the Land Binaries, conveys the same idea, but the shorthand LOLBin is the commonly used label for this tactic.