Cyber Security Academy · Lesson

Living-Off-the-Land Binaries (LOLBins)

Use trusted Windows binaries (certutil, mshta, regsvr32) to evade detection.

What are LOLBins?

Living-Off-the-Land Binaries (LOLBins) are legitimate OS binaries and tools that attackers repurpose to perform malicious actions. Because they are trusted, signed system tools, they often pass application whitelisting and are less likely to trigger AV/EDR detections.

Why LOLBins Are Effective

Advantages for attackers:

  • Always present on target systems — no need to drop new files
  • Signed by Microsoft/Apple — bypass signature-based detection
  • Trusted by application whitelisting solutions
  • Generate legitimate-looking process trees
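
Because signature checks and allowlists pass these binaries, detection has to key on how they are launched. The following is an added example, not part of the original lesson: it triages process-creation events for the three binaries named above by parent process and command-line content. The field names, the parent list and the sample events are constructed assumptions.

```python
import re

# Binaries named in this lesson; extend the set from your own inventory.
WATCHED = {"certutil.exe", "mshta.exe", "regsvr32.exe"}
# Assumption: parents with little legitimate reason to launch these tools.
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "wscript.exe", "cscript.exe"}
URL_RE = re.compile(r"\b(?:https?|ftp)://", re.IGNORECASE)

def basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()

def review_reasons(event):
    """Return the behavioural reasons a process-creation event needs review."""
    if basename(event["Image"]) not in WATCHED:
        return []
    reasons = []
    if basename(event["ParentImage"]) in UNUSUAL_PARENTS:
        reasons.append("unusual parent process")
    if URL_RE.search(event["CommandLine"]):
        reasons.append("network URL in command line")
    return reasons

def triage(events):
    """Pair each flagged event's binary name with its reasons."""
    return [(basename(e["Image"]), review_reasons(e)) for e in events if review_reasons(e)]

# Constructed sample events (field names follow Sysmon process-creation records).
# Every binary here is validly signed, so a signature check alone passes all four.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\certutil.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"certutil.exe -hashfile C:\Users\dev\setup.msi SHA256"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "mshta.exe <arguments elided> https://example.invalid/x"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "ParentImage": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r'regsvr32.exe /s "C:\Program Files\Contoso\plugin.dll"'},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "certutil.exe <arguments elided> https://example.invalid/y"},
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_EVENTS):
        print(f"{name}: {', '.join(reasons)}")
```

Treat the output as a review queue rather than a verdict, and tune the parent list against your own baseline of administrative activity.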
