Attackers are exploiting native tools for malicious activities
These utilities are legitimate components of the operating system, designed to perform administrative, maintenance, or operational tasks.
Because LOLBins are inherently trusted and often allowed by security software, attackers leverage them to bypass security measures, execute code, maintain persistence, and move laterally within a network without deploying external malicious software. This technique allows attackers to "live off the land," minimising their footprint and attempting to reduce the possibility of detection by the security team.
Certutil.exe is an excellent example of a LOLBin. It is a command-line utility that comes with Microsoft Windows and is intended for managing certificates on Windows systems. However, its functionalities, such as downloading, installing, and managing certificates, make it an attractive tool for attackers/red teams. They can misuse Certutil.exe utility application to download malware from a remote server, decode malicious files encoded to evade detection and execute malware while appearing as legitimate system activity.
In a world where cyber threats are increasingly sophisticated and pervasive, the importance of a robust SIEM system cannot be overstated. They serve as the cornerstone of many organisations’ cybersecurity strategies.
And yet, many struggle on with the sheer amount of data being provided through, mountains of false positives, spiralling costs, reduced budgets and resource.
A cloud-native SaaS SIEM platform, it’s built for security teams that are stretched thin by overwhelming amounts of data and an ever-evolving threat landscape. It’s optimised for the analyst experience so its intuitive workflow gives them contextual analytics into cybersecurity threats to cut through noise and quickly and secure the environment.
This data sheet will answer a lot of your questions. If you have any more, you can book a Clinic session with one of their specialists.
LogRhythm Axon offers a cloud-native SaaS SIEM platform. It blends the advantages of both SaaS and cloud-native approaches, freeing security teams from infrastructure management to focus on threat detection and response.
Pull back the curtain on the leading cloud-native SaaS SIEM
The latest cloud-native SIEM strategies & new solutions in this webcast from LogRhythm
Vulnerabilities to be aware of, what’s to come with GenAI
LogRhythm Axon's Kevin Eley goes pulls no punches!
LogRhythm Axon's Guy Grieve untangles cloud-native SIEM.
Joanne Wong of LogRhythm takes her seat
LogRhythm Axon's Matt Willems talks flexibility of cloud-native SIEM and much more!
White paper: Cloud-native SIEM
Definitions and best practices
5 good reasons to make the shift
See which SIEM is right for you with this handy comparison table.
How to improve security analyst and SOC team experience.
Share this story
Let us know what you think about the article.