← Back to Living Off the Land Binaries (LOLBins)

Living Off the Land Binaries (LOLBins) Quiz

7 questions


1.What does 'living off the land' mean in an offensive security context?

2.Why are LOLBins like rundll32.exe and installutil.exe effective for bypassing application allowlisting?

3.An attacker uses PowerShell, WMI, and dsquery to enumerate users, groups, and domain controllers. No alert fires. What best explains this?

4.What two distinct gains does living off the land provide an attacker?

5.Why might an attacker invoke PowerShell version 2 (--version 2) on a target host?

6.How would you explain the risk of living off the land to a non-technical stakeholder?

7.A candidate says: 'Living off the land just means running commands that are already on the box; no skill involved since the tools are built in.' What is wrong with this answer?