{"id":1106,"date":"2025-09-17T07:30:55","date_gmt":"2025-09-17T07:30:55","guid":{"rendered":"https:\/\/icssindia.in\/blog\/?p=1106"},"modified":"2025-09-17T07:32:28","modified_gmt":"2025-09-17T07:32:28","slug":"living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats","status":"publish","type":"post","link":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/","title":{"rendered":"Living off the Land Attacks (LOLBins): Understanding Insider and Credential-based Threats"},"content":{"rendered":"\n<div class=\"wp-block-media-text is-stacked-on-mobile has-ast-global-color-7-background-color has-background\" style=\"grid-template-columns:22% auto\"><figure class=\"wp-block-media-text__media\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"1536\" src=\"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2025\/09\/ChatGPT-Image-Sep-17-2025-12_42_42-PM-2.png\" alt=\"\" class=\"wp-image-1110 size-full\" srcset=\"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2025\/09\/ChatGPT-Image-Sep-17-2025-12_42_42-PM-2.png 1024w, https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2025\/09\/ChatGPT-Image-Sep-17-2025-12_42_42-PM-2-200x300.png 200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p>In the changing world of cybersecurity threats, Living off the Land Attacks (LOLBins) have become especially dangerous. They exploit legitimate tools and credentials already available in an environment. These attacks mix normal activity with malicious behavior, making them harder to spot. In this post, we will look at what LOLBins are, how insiders and credential-based attacks make use of them, real-world examples, detection methods, and how organizations and individuals can protect themselves against these threats.<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">What are LOLBins?<\/h2>\n\n\n\n<p>\u201cLiving off the Land\u201d means attackers use tools and binaries already on target systems, like PowerShell, WMI, or built-in OS utilities, so they do not need to introduce new suspicious tools. The benefit for attackers is a lower chance of detection, fewer traces left behind, and the ability to blend in with regular operations. These attacks can also involve insider threats, where authorized users misuse their privileges, or stolen credentials are exploited.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Insider &amp; Credential-Based Attacks Leverage LOLBins<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Insider Threats<\/strong>: Trusted users abusing their access. For example, a system administrator using built-in tools to access or exfiltrate sensitive data without raising alerts.<\/li>\n\n\n\n<li><strong>Stolen Credentials \/ Compromised Accounts<\/strong>: Once credentials are compromised, attackers can impersonate legitimate activity using available tools, evading detection systems.<\/li>\n\n\n\n<li><strong>Living off the Land + Privilege Escalation<\/strong>: Using compromised credentials to move laterally across network, use utilities for reconnaissance, persistence, exfiltration.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Why LOLBins Are Hard to Detect<\/h2>\n\n\n\n<p>1. Because no new or foreign binaries are introduced.<\/p>\n\n\n\n<p>2. Normal system tools often have elevated privileges, so their misuse can cause damage.<\/p>\n\n\n\n<p>3. Audit logs and monitoring often ignore or don\u2019t scrutinize native tools.<\/p>\n\n\n\n<p>4. Security tools may flag external tools or malware, but less so for built-in OS tools.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Real-World Examples<\/h2>\n\n\n\n<p>1. Attackers use PowerShell scripts to download malware or navigate laterally. <\/p>\n\n\n\n<p>2. They exploit WMI or PsExec to run commands on remote machines. <\/p>\n\n\n\n<p>3. Insiders misuse remote desktop tools or credential dump utilities that are part of the OS or trusted environment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Detection and Monitoring Strategies<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Strategy<\/strong><\/td><td><strong>What to Do<\/strong><\/td><\/tr><tr><td>Strategy<br>What to Do<br>Baseline &amp; behaviour monitoring<\/td><td>Know what \u201cnormal\u201d use of system tools looks like; abnormal usage or timing should trigger alerts.<\/td><\/tr><tr><td>Least Privilege \/ Segregation of Duties<\/td><td>Limit admin access; use role-based access so insiders or attackers can\u2019t misuse critical tools easily.<\/td><\/tr><tr><td>Credential Hygiene<\/td><td>Strong multi-factor authentication (MFA), regular credential audits, rotating service accounts.<\/td><\/tr><tr><td>Logging &amp; Auditing<\/td><td>Enhanced logging of native tool usage (PowerShell logs, WMI calls, use of admin tools)<\/td><\/tr><tr><td>Threat Hunting<\/td><td>Proactively hunting for signs of LOLBins usage; monitor unusual tool invocation or script execution.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Prevention and Mitigation Best Practices<\/h2>\n\n\n\n<p>1. Implement Zero Trust Principles \u2013 verify all access; assume no one is automatically trusted.<\/p>\n\n\n\n<p><br>2. Regular Access Reviews \u2013 assess who has privileged access; revoke unnecessary rights.<\/p>\n\n\n\n<p>3. Use Endpoint Protection \/ EDR Tools \u2013 utilize tools that can identify misuse of built-in tools.<\/p>\n\n\n\n<p>4. Employee Training and Awareness \u2013 insiders may not always have bad intentions; training helps identify social engineering and credential misuse.<\/p>\n\n\n\n<p>5. Incident Response Planning \u2013 having a clear plan helps minimize damage when misuse is detected.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How ICSS Can Help<\/h2>\n\n\n\n<p>1. If you&#8217;re interested in strengthening your skills for detecting &amp; preventing advanced threats, ICSS offers <strong>Ethical Hacking &amp; Pen-Testing<\/strong> training (see our <a>CEH v12 course outline<\/a> for modules relevant to detection of native tool misuse).<\/p>\n\n\n\n<p>2. Also, for understanding how to investigate incidents involving credential misuse or insider threats, our <strong>Digital Forensics<\/strong> blog post <em>How to kick-start a career in Digital Forensics<\/em> gives insight into tools and methodologies to analyze evidence. <a href=\"https:\/\/icssindia.in\/blog\/how-to-kick-start-a-career-in-digital-forensics\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">ICSS India<\/a><\/p>\n\n\n\n<p>3. ICSS\u2019s training in <strong>Cybersecurity Awareness<\/strong> and <strong>Threat Hunting<\/strong> can help build the capability to monitor and respond to Living off the Land Attacks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Living off the Land Attacks using LOLBins alongside insider or credential-based threats present a sophisticated challenge. Because attackers leverage tools you already trust, the key is not just preventing intrusion but building visibility, response, and governance. By combining good access control, monitoring, training, and forensic readiness, organizations can reduce the risk and impact of such attacks.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the changing world of cybersecurity threats, Living off the Land Attacks (LOLBins) have become especially dangerous. They exploit legitimate [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1109,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"normal-width-container","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1106","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Living off the Land Attacks (LOLBins): Understanding Insider and Credential-based Threats - Blog.ICSS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Living off the Land Attacks (LOLBins): Understanding Insider and Credential-based Threats - Blog.ICSS\" \/>\n<meta property=\"og:description\" content=\"In the changing world of cybersecurity threats, Living off the Land Attacks (LOLBins) have become especially dangerous. They exploit legitimate [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog.ICSS\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/icssindiaa\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-17T07:30:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-17T07:32:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2025\/09\/LOLBins.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1\" \/>\n\t<meta property=\"og:image:height\" content=\"1\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@icssindiaa\" \/>\n<meta name=\"twitter:site\" content=\"@icssindiaa\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/icssindia.in\/blog\/#\/schema\/person\/4792914fc6288fbf79fd93652777a7e9\"},\"headline\":\"Living off the Land Attacks (LOLBins): Understanding Insider and Credential-based Threats\",\"datePublished\":\"2025-09-17T07:30:55+00:00\",\"dateModified\":\"2025-09-17T07:32:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/\"},\"wordCount\":656,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/icssindia.in\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2025\/09\/LOLBins.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/\",\"url\":\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/\",\"name\":\"Living off the Land Attacks (LOLBins): Understanding Insider and Credential-based Threats - Blog.ICSS\",\"isPartOf\":{\"@id\":\"https:\/\/icssindia.in\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2025\/09\/LOLBins.png\",\"datePublished\":\"2025-09-17T07:30:55+00:00\",\"dateModified\":\"2025-09-17T07:32:28+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#primaryimage\",\"url\":\"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2025\/09\/LOLBins.png\",\"contentUrl\":\"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2025\/09\/LOLBins.png\",\"caption\":\"Attackers no longer always rely on malware\u2014Living off the Land Attacks (LOLBins) use trusted system tools, making them harder to detect. Learn how insiders and credential misuse amplify the risk.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/icssindia.in\/blog\/home\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Living off the Land Attacks (LOLBins): Understanding Insider and Credential-based Threats\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/icssindia.in\/blog\/#website\",\"url\":\"https:\/\/icssindia.in\/blog\/\",\"name\":\"Blog.ICSS\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/icssindia.in\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/icssindia.in\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/icssindia.in\/blog\/#organization\",\"name\":\"Blog.ICSS\",\"url\":\"https:\/\/icssindia.in\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/icssindia.in\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2023\/02\/cropped-Logo-ICSS-remove-bg-1.png\",\"contentUrl\":\"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2023\/02\/cropped-Logo-ICSS-remove-bg-1.png\",\"width\":707,\"height\":353,\"caption\":\"Blog.ICSS\"},\"image\":{\"@id\":\"https:\/\/icssindia.in\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/icssindiaa\/\",\"https:\/\/x.com\/icssindiaa\",\"https:\/\/www.instagram.com\/icssindia.in\/\",\"https:\/\/www.linkedin.com\/school\/icssindia\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/icssindia.in\/blog\/#\/schema\/person\/4792914fc6288fbf79fd93652777a7e9\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/icssindia.in\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3961e2565dc1b8d36a8f464ede749ca2f7e572b56e32e2d8b47def7fbe55fa56?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3961e2565dc1b8d36a8f464ede749ca2f7e572b56e32e2d8b47def7fbe55fa56?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/icssindia.in\/blog\"],\"url\":\"https:\/\/icssindia.in\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Living off the Land Attacks (LOLBins): Understanding Insider and Credential-based Threats - Blog.ICSS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/","og_locale":"en_US","og_type":"article","og_title":"Living off the Land Attacks (LOLBins): Understanding Insider and Credential-based Threats - Blog.ICSS","og_description":"In the changing world of cybersecurity threats, Living off the Land Attacks (LOLBins) have become especially dangerous. They exploit legitimate [&hellip;]","og_url":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/","og_site_name":"Blog.ICSS","article_publisher":"https:\/\/www.facebook.com\/icssindiaa\/","article_published_time":"2025-09-17T07:30:55+00:00","article_modified_time":"2025-09-17T07:32:28+00:00","og_image":[{"url":"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2025\/09\/LOLBins.png","width":1,"height":1,"type":"image\/png"}],"author":"admin","twitter_card":"summary_large_image","twitter_creator":"@icssindiaa","twitter_site":"@icssindiaa","twitter_misc":{"Written by":"admin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#article","isPartOf":{"@id":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/"},"author":{"name":"admin","@id":"https:\/\/icssindia.in\/blog\/#\/schema\/person\/4792914fc6288fbf79fd93652777a7e9"},"headline":"Living off the Land Attacks (LOLBins): Understanding Insider and Credential-based Threats","datePublished":"2025-09-17T07:30:55+00:00","dateModified":"2025-09-17T07:32:28+00:00","mainEntityOfPage":{"@id":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/"},"wordCount":656,"commentCount":0,"publisher":{"@id":"https:\/\/icssindia.in\/blog\/#organization"},"image":{"@id":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#primaryimage"},"thumbnailUrl":"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2025\/09\/LOLBins.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/","url":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/","name":"Living off the Land Attacks (LOLBins): Understanding Insider and Credential-based Threats - Blog.ICSS","isPartOf":{"@id":"https:\/\/icssindia.in\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#primaryimage"},"image":{"@id":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#primaryimage"},"thumbnailUrl":"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2025\/09\/LOLBins.png","datePublished":"2025-09-17T07:30:55+00:00","dateModified":"2025-09-17T07:32:28+00:00","breadcrumb":{"@id":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#primaryimage","url":"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2025\/09\/LOLBins.png","contentUrl":"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2025\/09\/LOLBins.png","caption":"Attackers no longer always rely on malware\u2014Living off the Land Attacks (LOLBins) use trusted system tools, making them harder to detect. Learn how insiders and credential misuse amplify the risk."},{"@type":"BreadcrumbList","@id":"https:\/\/icssindia.in\/blog\/living-off-the-land-attacks-lolbins-understanding-insider-and-credential-based-threats\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/icssindia.in\/blog\/home\/"},{"@type":"ListItem","position":2,"name":"Living off the Land Attacks (LOLBins): Understanding Insider and Credential-based Threats"}]},{"@type":"WebSite","@id":"https:\/\/icssindia.in\/blog\/#website","url":"https:\/\/icssindia.in\/blog\/","name":"Blog.ICSS","description":"","publisher":{"@id":"https:\/\/icssindia.in\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/icssindia.in\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/icssindia.in\/blog\/#organization","name":"Blog.ICSS","url":"https:\/\/icssindia.in\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/icssindia.in\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2023\/02\/cropped-Logo-ICSS-remove-bg-1.png","contentUrl":"https:\/\/icssindia.in\/blog\/wp-content\/uploads\/2023\/02\/cropped-Logo-ICSS-remove-bg-1.png","width":707,"height":353,"caption":"Blog.ICSS"},"image":{"@id":"https:\/\/icssindia.in\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/icssindiaa\/","https:\/\/x.com\/icssindiaa","https:\/\/www.instagram.com\/icssindia.in\/","https:\/\/www.linkedin.com\/school\/icssindia"]},{"@type":"Person","@id":"https:\/\/icssindia.in\/blog\/#\/schema\/person\/4792914fc6288fbf79fd93652777a7e9","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/icssindia.in\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3961e2565dc1b8d36a8f464ede749ca2f7e572b56e32e2d8b47def7fbe55fa56?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3961e2565dc1b8d36a8f464ede749ca2f7e572b56e32e2d8b47def7fbe55fa56?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/icssindia.in\/blog"],"url":"https:\/\/icssindia.in\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/icssindia.in\/blog\/wp-json\/wp\/v2\/posts\/1106","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icssindia.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icssindia.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icssindia.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/icssindia.in\/blog\/wp-json\/wp\/v2\/comments?post=1106"}],"version-history":[{"count":3,"href":"https:\/\/icssindia.in\/blog\/wp-json\/wp\/v2\/posts\/1106\/revisions"}],"predecessor-version":[{"id":1114,"href":"https:\/\/icssindia.in\/blog\/wp-json\/wp\/v2\/posts\/1106\/revisions\/1114"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/icssindia.in\/blog\/wp-json\/wp\/v2\/media\/1109"}],"wp:attachment":[{"href":"https:\/\/icssindia.in\/blog\/wp-json\/wp\/v2\/media?parent=1106"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icssindia.in\/blog\/wp-json\/wp\/v2\/categories?post=1106"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icssindia.in\/blog\/wp-json\/wp\/v2\/tags?post=1106"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}