
Examples of "Living Off the Land", i.e. standard tools typically found with high prevalence on endpoints that could be abused.


OSUso/LivingOffTheLand


Living Off The Land

or Apps going rogue, Sleeper apps :) you get the point

SecureWorks coined the term 'Living Off the Land'. The term refers to threat actors "using credentials, systems, and tools they collect along the way instead of backdoors".

This is a collection of examples of legitimate tools/commands reported to have been used by hackers. The list includes only examples where I could locate an actual reference and where there is high prevalence, i.e. the tool is typically found by "default" on many endpoints. Also considered for inclusion are tools signed by publishers that are likely to be approved by an application whitelisting implementation (like PSExec and Delete, signed by Microsoft).

What can you do with this list?

Review it and decide whether there is something you should be managing, for example:

  1. Control it through application whitelisting, manage who can execute it.
  2. Remove it from the system.
  3. Monitor for its execution.

If you find anything to add/change let me know.
