During a penetration test, you discover that attackers leveraged a built-in Windows program to compile instructions from a project file and run malicious code as part of normal operations. Which method best describes how they employed that living-off-the-land approach?
They modified service startup entries to load a malicious library using unauthorized hooks.
They compiled malicious instructions from a specialized file through a trusted program, letting hidden content run under a legitimate process name.
They replaced a system driver to embed harmful functions and remain active in kernel mode.
They launched a script from a network share using a remote desktop tool to sidestep local restrictions.
Compiling a crafted project file through a trusted, built-in Windows utility lets malicious code execute under an approved process name. Because the activity looks like a legitimate build step performed by a signed system binary, it is harder for security tools to flag. The other choices describe different techniques (service hooking, driver replacement, remote script launch) and do not involve a trusted program interpreting a project file to run harmful tasks.