· 2 min read

What is a Lolbin | Definition and Meaning

What Is A Lolbin | Definition and Meaning

What Is A Lolbin | Definition and Meaning

A Living off the Land Binary, or a Lolbin, is a legitimate system binary such as a DLL that comes shipped with Windows operating systems that an attacker can leverage in attacks such as a fileless malware attack. The Lolbin definition may also include legitimate and signed administration tools. For example, PsExec.

Lolbin Definition and Meaning

Thousands of DLLs come pre-installed with Windows, and are a shared pool of resources used for legitimate purposes, designed to lower Windows program size (DLLs account for several GBs of Windows installs) and to avoid re-inventing the wheel. With so many DLLs there is a risk of misuse from known and unknown vulnerabilities. DLL Search Order Hijacking and DLL side loading makes it easier for an attack to further hijack other DLLs. Lolbins have a disproportinately high usage by Advaned Persistent Threats (APTs).

Lolbin Examples:

  • Presentation Host: Executes XAML Browser Application (XBAP) files, can therefore be used to execute a malicious XBAP file.
  • Rundll32.exe: Used by Windows to execute DLL files. Can be used for attacks including Pass-Thru Command Execution and Lateral Movement.
  • Certutil: Used for certificate handling. Used in the Kaseya Ransomware Attack.

Examples of lolbin attacks

  • Kaseya Ransomware Attack (REvil): The legitimate Certutil.exe binary was used to launch the ransomware.
  • WastedLocker Ransomware: Rundll32.exe was used in the WastedLocker Ransomware Attack.

Also called:

  • Live off the Land Binary
  • Living off the Land Binary
  • LotlBin
  • Lolbin

See also:

For a community-maintained list of examples, see the Lolbas Github project.

Agreed upon as an official term alongisde LOLScripts in 2018.

    Share:
    Back to Blog

    Related Posts

    View All Posts »
    What does 10/100 MBPS Ethernet Mean?

    What does 10/100 MBPS Ethernet Mean?

    Learn what 10/100 Ethernet means, its role in networking with 10/100 Mbps speeds, and how cables and switches utilize this standard effectively.

    Anti Spam Laws Around the World

    Anti Spam Laws Around the World

    Spam, unsolicited electronic communication, has become a global issue that affects individuals, businesses, and governments alike. Various countries have developed anti-spam laws to protect consumers from unwanted emails, messages, and other forms of digital marketing. These laws vary by region, but they generally focus on requiring consent from recipients, providing clear opt-out mechanisms, and penalizing violators with hefty fines. Below is an overview of key anti-spam regulations from the United States, Canada, New Zealand, Australia, Ireland, and the United Kingdom.