GCIH · Question #759
Which endpoint security bypass technique leverages existing system tools instead of adding executable?
The correct answer is A. Living Off the Land. Living Off the Land (LotL) is an attack technique that abuses pre-installed OS utilities to execute malicious actions without dropping new executables.
Question
Which endpoint security bypass technique leverages existing system tools instead of adding executable?
Options
- ALiving Off the Land
- BCode signing
- CCompile After Delivery
- DGhostwriting
How the community answered
(64 responses)- A88% (56)
- B2% (1)
- C3% (2)
- D8% (5)
Why each option
Living Off the Land (LotL) is an attack technique that abuses pre-installed OS utilities to execute malicious actions without dropping new executables.
Living Off the Land attacks use built-in tools such as PowerShell, WMI, certutil, and msiexec to carry out malicious operations, meaning no new binary needs to be written to disk. This approach evades signature-based endpoint detection controls that rely on identifying unknown or malicious executables.
Code signing is a technique where attackers sign malicious executables with valid certificates to appear trusted, but it still involves introducing a new executable to the system.
Compile After Delivery transfers source code or scripts to the target and compiles them locally, ultimately producing a new executable on the system.
Ghostwriting involves writing malware in obscure languages to evade detection, but it still requires delivering and executing a new binary on the endpoint.
Concept tested: Living Off the Land endpoint security bypass technique
Source: https://attack.mitre.org/techniques/T1218/
Topics
Community Discussion
No community discussion yet for this question.