Sign InSign Up

What is a Lollib | Definition and Meaning

Last modified on Sunday, October 8, 2023

2 minute read

Defining Lollib

A Live off the Land Binary, or a Lolbin is a legitimate system binary such as a DLL that comes shipped with Windows operating systems that an attacker can leverage in attacks such as a fileless malware attack. The Lolbin definition may also include legitimate and signed administration tools that are not pre-installed, but that can be downloaded from official Windows sources. For example, PsExec.

Thousands of DLLs come pre-installed with Windows, and are a shared pool of resources used for legitimate purposes, designed to lower Windows program size (DLLs account for several GBs of Windows installs) and to avoid re-inventing the wheel. With so many DLLs there is a risk of misuse from known and unknown vulnerabilities. DLL Search Order Hijacking and DLL side loading makes it easier for an attack to further hijack other DLLs. Lolbins have a disproportinately high usage by Advaned Persistent Threats (APTs).

Lolbin Examples:

Also called:

  • Live off the Land Binary
  • Living off the Land Binary
  • LotlBin
  • Lolbin

See also:

For a community-maintained list of examples, see the Lolbas Github project.

Share this article

Stellastra The Cyber Security Comparison Platform

© 2023 Stellastra Ltd. All rights reserved. All names, logos, trademarks, etc belong to their respective owners. No endorsement or partnership is necessarily implied between company and Stellastra and vice versa. Information is provided for convenience only and may not always be accurate. For the most up to date information, contact vendor directly. Scores including email security, SPF, and DMARC are calculated based on certain metrics and other analyses may return different results.



About StellastraContact usCyber Security Risk ScoreEmail Deliverability ToolStellastra Discover

Stay up to date