#LotL

2025-11-19

Living off the Land: How legitimate utilities became weapons in hackers' hands, using Rare Werewolf as an example

In the cybersecurity world, the "Living off the Land" (LOTL) tactic has been gaining popularity for several years now. Its essence is to make maximum use of legitimate software and built-in operating system functions to achieve malicious goals. This lets attackers blend in effectively on an infected system, since the activity of programs such as curl.exe, AnyDesk.exe or the WinRAR installer rarely raises suspicion among ordinary users or even some security products. Let's take a detailed look at one of the striking examples of this tactic to see clearly how seemingly harmless programs can be turned into a powerful weapon for a targeted attack. Hi everyone! My name is Alexander, I am a malware analyst and reverse engineer. Subscribe to my Telegram channel, there is a lot of useful content there. Raise the curtain on the attack

habr.com/ru/articles/967934/

#анализ_вредоносов #реверсинжиниринг #Librarian_Ghouls #Rare_Werewolf #living_off_the_land #lotl #malware_analysis #троян #стилер #упаковщик

2025-11-12

I had to cut this one down a bit too because it didn't even fit in the GD frame, nvm the mounting board. However it fits in much better than the card because the text isn't really necessary. I might change the picture out at one point but I really like this look and photograph. Not sure if it was the photographer they use now, but he takes amazing photos. The lighting is always so nice.
#LordOfTheLost #LotL #musicartwork #photography

Carsten O. 📯 💚🌻Carsten_O@neander.social
2025-10-18
2025-10-07

Klaas and Benji have their collage pages done. I haven't done the drawing pages yet cos I can't really focus enough at the moment but hopefully soon.
Bits of an old calendar, some crepe wrapping paper, the Japanese napkins and some stickers my friend sent me. And ofc the lyric strips thanks to my charity shop typewriter:)
#scrapbooking #lotl #lordofthelost

👨‍💻 Evasive #malware is on the rise, and in our latest webinar, #ANYRUN experts revealed how to detect #phishkits, #ClickFix, and #LOTL attacks.

These methods help SOC teams cut triage time, gain better threat visibility, and respond faster.

Watch now: youtu.be/Ze27bW8v5MU?si=sq6ZAq

2025-09-23

Two days sleeping/bed rotting after a relatively ok Saturday...things not been very good tbh but I managed to just do the centrefold of my #lotl journal.
Nearly had a meltdown trying to get the paper into my typewriter before - after twenty minutes - realising I was actually putting it in the wrong place.
#scrapbooking #lordofthelost #journal

A photo of a small scrapbook in a hand. The main feature is a dark image of the band Lord of the Lost, with painted fists of solidarity in the original pride and trans pride colours, and stars. The lyrics say "children of the night / in turmoil we unite"
2025-09-09

Being off work has freed up my brain and I've been able to make more and draw more. Let's see how it continues when I go back.
Obsessed with Kim Kitsuragi from Disco Elysium, despite having only played Day 1 so far...kinda scared to carry on because it seems like it's gonna be really intense and I will be sad when it's over, like RDR2. Mixture of the quiet kindness and patience with the sexy voice I think. Plus I think he likes notebooks and I think that's cute.
#discoelysium #kimkitsuragi #lotl

Scrapbook page of Chris Harms from Lord of the Lost. He is a slim white man wearing a black coat, posing staring at the camera. There are starry paper backgrounds in circles and strips, and a lyric strip at the bottom saying "drown in the starlight"
A photo of a pc monitor showing a sketch of a man crouching, facing away from the camera
A digital sketch of an Asian man squatting, facing left. He is wearing glasses and a vest
2025-08-30

Morning, cyber pros! It's been a bit quiet over the last 24 hours, but we've still got some critical updates to chew on. We're looking at a nasty WhatsApp zero-day, some clever abuse of forensic tools for C2, and a new infostealer campaign leveraging fake PDF editors. Let's dive in:

Actively Exploited Zero-Days in WhatsApp and Apple ⚠️
- WhatsApp has patched CVE-2025-55177, a vulnerability in its iOS and macOS apps, which may have been exploited in the wild.
- This flaw, related to insufficient authorisation of linked device sync messages, is believed to have been chained with Apple's CVE-2025-43300, an ImageIO out-of-bounds write, for targeted zero-click attacks.
- Amnesty International confirmed WhatsApp notified targeted individuals, including civil society members, suggesting an advanced spyware campaign. Users should factory reset and keep all software updated.

🤔 The Hacker News | thehackernews.com/2025/08/what

New Tradecraft: Velociraptor Abuse, Teams Phishing, and Infostealer Campaigns 🛡️
- Threat actors are evolving their living-off-the-land tactics by abusing legitimate tools like Velociraptor, an open-source forensic platform, to establish C2 tunnels and deploy Visual Studio Code.
- We're also seeing a rise in Microsoft Teams phishing, where attackers impersonate IT help desks to deliver remote access tools and PowerShell payloads for credential theft and RCE, bypassing traditional email defences.
- A new infostealer, "TamperedChef," is being distributed via fraudulent PDF editing apps promoted through Google ads, with the malicious payload activated days after installation to evade initial detection. Some of these apps also turn user systems into residential proxies.

🤔 The Hacker News | thehackernews.com/2025/08/atta
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

#CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #Vulnerability #WhatsApp #Apple #Malware #Infostealer #Velociraptor #MicrosoftTeams #Phishing #SocialEngineering #LotL #IncidentResponse

2025-08-29

Annoyed that I borked the cover but the inside looks nice. Have done Pi's pages, and Nik's pages are done (though I wanna add something to the drawing page, like Pi's). Tomorrow is Chris' pages.
#junkjournal #LotL #LordOfTheLost #scrapbook #art #drawings

Popular Medusa Ransomware utilizes many LOTL (Living off the Land) techniques - CISA cisa.gov/news-events/cybersecu #cybersecurity #ransomware #Medusa #LOTL #Windows #CISA

2025-03-25

for Route53 fanbois out there such as myself, I wrote a dynamic dns client under living off the land constraints.

#ddns #aws #lotl

new23d.com/living-off-the-land

2025-03-03

"Living off the Land (LOTL) attacks: How North Korea’s Lazarus Group Hackers Exploited Windows" published by SystemWeakness. #LOTL, #Lazarus, #DPRK, #CTI systemweakness.com/living-off-

2025-02-18

More food for thought... Human operated attacks can be hard to detect.

Especially if they are of the #LOTL variety.

Or perhaps not hard to detect, but tricky to adjudicate. This is why an MDR service is valuable.
1/3

tio 💜🏳️‍⚧️Aegeah@mastodon.art
2025-02-10
Dan :dumpster_fire:4n68r@infosec.exchange
2025-01-28

Was looking for a good Awesome list on Living Off the Land ( #LOL #LOtL ) tools/techniques. Found some helpful sites / repos but either nothing I could contribute to or it was limited.

So... I made one: github.com/danzek/awesome-lol-

Contributions welcome, whether by replying to this post or sending a PR on GitHub.

#lolbins #lolbas

2025-01-22

🔍 "If you can’t see what’s happening on your network, you can’t defend it." – Brian Dye, CEO of Corelight.

What if the biggest threat isn’t something from outside, but something that’s already inside your network?

In the latest episode of Exploring Information Security, Brian Dye discusses with Timothy De Block the challenge of detecting Living off the Land (#LotL) attacks, why gaining complete network visibility is crucial for defending against these evolving threats, and much more... 👀

🎧 Catch the full episode here: exploresec.com/eis/2024/1/2/sh

#Cybersecurity #NetworkSecurity #NDR #podcast

Carsten O. 💚🌻📯carsten_O@troet.cafe
2024-12-14
2024-12-07

Darn, for health reasons we probably won't make it to #Lordfest in #Hamburg on 14 Dec.

Would anyone like to take over our two tickets for 50 EUR + shipping?

Please share 🙏

Edit: Pity, they are now going to waste 😶

Shipping by registered mail (Einwurf-Einschreiben) or pickup in #Freudenstadt

#lotl #LordOfTheLost

2024-11-26

Living off the Land: a walkthrough of the challenge set by F.A.C.C.T. experts at CyberCamp2024

Hi Habr! This is Vladislav Azersky, deputy head of the Digital Forensics Laboratory at F.A.C.C.T., and Ivan Gruzd, lead specialist in incident response and digital forensics at F.A.C.C.T. In early October we took part as speakers in CyberCamp 2024, a hands-on cybersecurity conference. Links to the talks are here and here. Drawing on our experience in information security incident response, we decided to focus the talks on one of the approaches most popular among attackers for carrying out modern attacks: Living off the Land (LotL). It means using legitimate programs and tools to accomplish tasks at different stages of an attack, whether spreading across the network or executing commands on a compromised device.

habr.com/ru/companies/f_a_c_c_

#cybercamp_2024 #форензика #LotL #living_off_the_land #компьютерная_криминалистика #киберучения
