Using LOLbins for Tool Downloads
LOLbins won't have you laughing when threat actors "live off the land" to leverage tools and capabilities that are already present in the target environment to achieve objectives. Learn how to detect common adversary techniques such as Ingress Tool Transfer in this course.
2.1 What is the “Ingress Tool Transfer” Technique?
2.2 Detection, Validation, and Mitigation (Lab)
“LOL”, in this case, is an acronym for “Living off the Land”. This term is used when an adversary leverages tools and capabilities that are already present in the target environment to execute additional TTPs and achieve objectives. In the case of T1105: Ingress Tool Transfer, that means using programs like FTP that are already present on a target system to download more tools to that system.
The primary risk from this technique is that the adversary will achieve an expansion of their capabilities within the target environment, system, or application through additional tooling.
Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the threat group APT41 (aka Double Dragon). Prevent adversaries from accomplishing the tactic of command and control.
Complete this entire course to earn a Using LOLbins for Tool Downloads Certificate of Completion.