eSecurity Planet: Living Off the Land Attacks: LOTL Definition & Prevention

NetSPI Principal Consultant Derek Wilson is featured in eSecurity Planet, sharing insights on Living Off the Land (LOTL) attacks and how to prevent them. Read the preview below or find the full article at


5 Best Practices for Preventing LOTL Attacks

The following strategies help your business not only prepare for LOTL attacks but also reduce threat actors’ opportunities to compromise your legitimate systems.

Use LOLBINS To Track Binary Activity

The Living off the Land Binaries, Scripts, and Libraries project (LOLBAS) offers a comprehensive list of exploits attackers use. It’s best to study one binary (LOLBIN) at a time, examining how the specific program is typically used. Once your team knows what appropriate usage looks like, you can begin identifying abnormal behavior from that program.

Derek Wilson, principal consultant at security firm NetSPI, underscored the importance of using this resource. “By finding a way to baseline detections against something like the Living Off the Land Binaries And Scripts (LOLBAS) project, which is set up to track LOTL threats, teams can then build proactive detection plans for the procedures that aren’t caught,” he said.

Wilson recommended additional software to help teams develop general detection methods. “Breach and attack simulation (BAS) tools are invaluable in baselining detective controls and continuously improving detection of LOTL attacks,” he said. BAS tools give security teams insight into an attack lifecycle, behaving like a threat actor might to find security weaknesses more quickly.

You can read the full article here!

Discover why security operations teams choose NetSPI.