LOLBins Under the Microscope: A Data-Driven Exploration of Abused System Binaries

Presented at GrrCON 2025 by

Living Off the Land (LOTL) attacks are a dominant force in modern cyber threats, appearing in a staggering 84% of high-severity attacks we’ve analyzed across over 700,000 incidents. This session presents a data-driven analysis of LOTL binaries, revealing the most frequently abused executables and challenging common assumptions. Our research has uncovered multiple surprises, from the true popularity of certain tools to the unexpectedly high legitimate use of others. Prepare for a deep dive into quantitative insights that will reshape your understanding of the LOTL landscape and inform your hardening strategies.