Recent trends have shown that attackers are relying more and more on legitimate system tools during the attack. The technique of using legitimate system tools for carrying out malicious activity is known as living of the land. These system tools are used by system administrators to carry out their daily activities making it impossible to block these tools. By leveraging system tools, attackers can carry out malicious activity
making it nearly impossible to be detected. These system tools can be used during any stage of an attack, for example reconnaissance, lateral movement, persistence, covering tracks, data exfiltration etc. In this presentation I will be discussing the latest trends involving living on the land and demonstrate 2-3 system tools and how they are being used for malicious purposes. Finally, I will be touching a little bit on PowerShell and how it is becoming the first choice of attackers and what defenders can do to protect their environment.