A Living off the Land Attack (LotL Attack) employs legitimate system software called binaries,^[0][1] scripts, and libraries for malicious purposes.^[2] Living off the land attacks are made possible through the known and unknown interactions between thousands of preinstalled binaries, scripts, and libraries. Many AV technologies were unable to detect this sort of attack in 2021,^[2] this is due to several reasons, because they're employing legitimate code and it can therefore be difficult to differentiate between the binary being used for its intended purpose, and code being used maliciously. Another reason is that they live in-memory,^[3] leaving no attack footprint on the hard drive. Some attacks may exist as a hybrid, reducing their attack surface by employing lolbins, lolscripts, and lollibs, but which may not be completely fileless. Detection is difficult, and blocking the malware can be difficult due to a high false positive rate.^[2][4]

See also:

• Lollib
• Lolbin
• Lolscript
• Fileless Malware

Living off the Land Attack Synonyms:

• LotL Attack

---

Share this article