nerdexam
GIAC

GCIH · Question #759

Which endpoint security bypass technique leverages existing system tools instead of adding executable?

The correct answer is A. Living Off the Land. Living Off the Land (LotL) is an attack technique that abuses pre-installed OS utilities to execute malicious actions without dropping new executables.

Malware Analysis & Advanced Persistent Threats

Question

Which endpoint security bypass technique leverages existing system tools instead of adding executable?

Options

  • ALiving Off the Land
  • BCode signing
  • CCompile After Delivery
  • DGhostwriting

How the community answered

(64 responses)
  • A
    88% (56)
  • B
    2% (1)
  • C
    3% (2)
  • D
    8% (5)

Why each option

Living Off the Land (LotL) is an attack technique that abuses pre-installed OS utilities to execute malicious actions without dropping new executables.

ALiving Off the LandCorrect

Living Off the Land attacks use built-in tools such as PowerShell, WMI, certutil, and msiexec to carry out malicious operations, meaning no new binary needs to be written to disk. This approach evades signature-based endpoint detection controls that rely on identifying unknown or malicious executables.

BCode signing

Code signing is a technique where attackers sign malicious executables with valid certificates to appear trusted, but it still involves introducing a new executable to the system.

CCompile After Delivery

Compile After Delivery transfers source code or scripts to the target and compiles them locally, ultimately producing a new executable on the system.

DGhostwriting

Ghostwriting involves writing malware in obscure languages to evade detection, but it still requires delivering and executing a new binary on the endpoint.

Concept tested: Living Off the Land endpoint security bypass technique

Source: https://attack.mitre.org/techniques/T1218/

Topics

#Living Off the Land#LOLBins#defense evasion#endpoint bypass

Community Discussion

No community discussion yet for this question.

Full GCIH Practice