· 1 min read

What is a Lollib | Definition and Meaning

What Is A Lollib | Definition and Meaning

What Is A Lollib | Definition and Meaning

A Live off the Land Binary, or a Lolbin is a legitimate system binary such as a DLL that comes shipped with Windows operating systems that an attacker can leverage in attacks such as a fileless malware attack. The Lolbin definition may also include legitimate and signed administration tools that are not pre-installed, but that can be downloaded from official Windows sources. For example, PsExec.

Thousands of DLLs come pre-installed with Windows, and are a shared pool of resources used for legitimate purposes, designed to lower Windows program size (DLLs account for several GBs of Windows installs) and to avoid re-inventing the wheel. With so many DLLs there is a risk of misuse from known and unknown vulnerabilities. DLL Search Order Hijacking and DLL side loading makes it easier for an attack to further hijack other DLLs. Lolbins have a disproportinately high usage by Advaned Persistent Threats (APTs).

Lolbin Examples:

Also called:

  • Live off the Land Binary
  • Living off the Land Binary
  • LotlBin
  • Lolbin

See also:

For a community-maintained list of examples, see the Lolbas Github project.

    Share:
    Back to Blog

    Related Posts

    View All Posts »
    What is SCADA | Definition and Meaning

    What is SCADA | Definition and Meaning

    SCADA, or Supervisory Control and Data Acquisition, is a technology essential for industrial automation, allowing real-time monitoring and control across various sectors.

    What is SFTP | Definition and Meaning

    What is SFTP | Definition and Meaning

    Learn about SFTP, the Secure File Transfer Protocol, its definition, functionality, and security features compared to other file transfer protocols.