Glossary

LIVING OFF THE LAND / LOLBINS / LOLBAS
defined.

Adversary tradecraft that uses built-in operating system binaries and trusted tools to achieve attacker objectives without dropping new files.

A–Z

What is Living Off the Land (LOLBins / LOLBAS)?

PowerShell, WMI, certutil, mshta, regsvr32, rundll32 — all signed Microsoft binaries that can download, decode, or execute payloads. The LOLBAS project catalogues over 200 such binaries. Defence relies on behavioural detection (command-line and parent-process anomalies), not file hashes.

Related terms.

Lateral Movement
Persistence (security)
Command and Control (C2)
MITRE ATT&CK

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.

Test for this in your stack

BOOK A FREE
scoping call.

30-minute call with an OSCP-certified engineer. Tailored proposal in 24 hours.

Book Free Scoping Call →All Services

LIVING OFF THE LAND / LOLBINS / LOLBASdefined.

What is Living Off the Land (LOLBins / LOLBAS)?

Related terms.

Where this shows up.

BOOK A FREEscoping call.

LIVING OFF THE LAND / LOLBINS / LOLBAS
defined.

BOOK A FREE
scoping call.