Legitimate Utilities and LotL

Many legitimate Windows and Linux utilities can be used in post-exploitation. Using legitimate tools to perform post-exploitation activity is referred to as living off the land (LotL) or fileless malware. The term "fileless malware" refers to the idea that there is no need to install any additional software or binaries. Examples of living-off-the-land techniques include:

  • PowerShell

  • PowerSploit and Empire

  • BloodHound

  • WMI

  • SysInternals and PSExec

  • WinRM
