How to threat hunt Living Off The Land binaries

by CybrGPT

In this Help Net Security video, Lee Archinal, Senior Threat Hunter at Intel 471, walks through practical strategies for detecting malicious activity involving Living Off The Land binaries (LOLBins).

LOLBins are legitimate tools that ship with the operating system, such as PowerShell, which attackers abuse because activity from a trusted, signed binary blends in with normal administration and evades detection. Archinal explains how to identify suspicious usage by comparing what a user's role would normally require against abnormal behavior visible in log data, and covers detection techniques for encoded commands, process injection, and time stomping.

He also highlights key resources like MITRE ATT&CK and Sysmon logs to help security teams build effective, data-driven threat hunting hypotheses.
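The combination the video describes, user role plus abnormal behavior plus log data, can be turned into a small hunting query. The example below is added here and is not code from the video, from Help Net Security, or from Intel 471. It takes constructed Sysmon Event ID 1 (process creation) records, reduced to the real Sysmon field names User, Image, ParentImage and CommandLine, and applies three signals: an encoded PowerShell command line (decoding it the way PowerShell does, base64 over UTF-16LE), a parent process that rarely has a reason to launch a shell, and an account that a hypothetical role policy does not expect to run PowerShell. The expected-user list, the unusual-parent list, and all sample records are assumptions made up for the example.

```python
import base64
import ntpath


def encode_powershell(script: str) -> str:
    """Build a -EncodedCommand payload the way PowerShell expects it: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed Sysmon Event ID 1 (process creation) records, reduced to the fields used
# below. Users, paths and command lines are made up for this example; not real telemetry.
SAMPLE_EVENTS = [
    {
        "User": "CORP\\svc-backup",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\System32\services.exe",
        "CommandLine": r"powershell.exe -NoProfile -File C:\scripts\backup.ps1",
    },
    {
        "User": "CORP\\jdoe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "powershell.exe -Command Get-Process",
    },
    {
        "User": "CORP\\jdoe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "CommandLine": "powershell.exe -w hidden -enc " + encode_powershell("Write-Host hello"),
    },
]

# Hypothetical role policy: accounts expected to run PowerShell on workstations.
EXPECTED_POWERSHELL_USERS = {"CORP\\svc-backup", "CORP\\itadmin"}
# Hypothetical list of parent processes that rarely have a legitimate reason to spawn a shell.
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}


def extract_encoded_command(command_line: str):
    """Return (flag_present, decoded_script).

    decoded_script is None when the flag is absent or the payload does not decode
    as base64-wrapped UTF-16LE, which is itself worth a look.
    """
    tokens = command_line.split()
    for i, tok in enumerate(tokens):
        if tok[:1] not in ("-", "/"):
            continue
        name = tok[1:].lower()
        # powershell.exe accepts any unambiguous prefix of -EncodedCommand as well as -ec,
        # so matching only the literal "-EncodedCommand" would miss most real usage.
        if not (name == "ec" or (name and "encodedcommand".startswith(name))):
            continue
        if i + 1 >= len(tokens):
            return True, None
        try:
            raw = base64.b64decode(tokens[i + 1], validate=True)
            return True, raw.decode("utf-16le")
        except (ValueError, UnicodeDecodeError):
            return True, None
    return False, None


def assess_event(event: dict) -> dict:
    """Apply the three hunt signals to one process-creation event."""
    reasons = []
    image = ntpath.basename(event["Image"]).lower()
    parent = ntpath.basename(event["ParentImage"]).lower()
    encoded, decoded = extract_encoded_command(event["CommandLine"])
    if encoded:
        reasons.append("encoded command line")
    if parent in UNUSUAL_PARENTS:
        reasons.append(f"unusual parent {parent}")
    if image in ("powershell.exe", "pwsh.exe") and event["User"] not in EXPECTED_POWERSHELL_USERS:
        reasons.append("user not expected to run PowerShell")
    return {"user": event["User"], "reasons": reasons, "decoded": decoded}


def hunt(events) -> list:
    """Return findings for every event that trips at least one signal, most suspicious first."""
    findings = [assess_event(e) for e in events]
    findings = [f for f in findings if f["reasons"]]
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f["user"], "|", "; ".join(f["reasons"]), "|", f["decoded"])
```

Running the block ranks the Word-spawned, encoded, non-admin PowerShell launch above the plain interactive one, and drops the backup service account entirely. In practice the two lists are the hypothesis: populate them from your own directory groups and from a baseline of which parents launch shells in your environment, then feed real Sysmon Event ID 1 records in place of the constructed sample.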
