Using LOLbins for Tool Downloads

LOLbins won't have you laughing when threat actors "live off the land" to leverage tools and capabilities that are already present in the target environment to achieve objectives. Learn how to detect common adversary techniques such as Ingress Tool Transfer in this course.

Time: 1 hour 20 minutes
Difficulty: Intermediate
CEU/CPE: 1

Course Content

Module 1: APT41 Introduction
  Campaign Overview (10m)

Module 2: Using LOLbins for Tool Downloads
  2.1 What is the “Ingress Tool Transfer” Technique? (10m)
  2.2 Detection, Validation, and Mitigation (Lab) (1h)

Course Description

“LOL”, in this case, is an acronym for “Living off the Land”. This term is used when an adversary leverages tools and capabilities that are already present in the target environment to execute additional TTPs and achieve objectives. In the case of T1105: Ingress Tool Transfer, that means using programs like FTP that are already present on a target system to download more tools to that system.

The primary risk from this technique is that the adversary will achieve an expansion of their capabilities within the target environment, system, or application through additional tooling.

Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the threat group APT41 (aka Double Dragon). Prevent adversaries from accomplishing the tactic of command and control.

Instructed By
Chris Daywalt, Security Freelancer (Instructor)
Matthew Mullins, Technical Manager, Red Team (Instructor)

Provider
Cybrary

Certificate of Completion
Complete this entire course to earn a Using LOLbins for Tool Downloads Certificate of Completion.