8 LOLBins Every Threat Hunter Should Know

On-demand

Learn how adversaries abuse LOLBins and how you can uncover these activities using threat hunting recommendations.

Join expert threat hunters from CrowdStrike's Falcon OverWatch Elite team as they investigate how adversaries abuse living-off-the-land binaries (LOLBins) to stealthily achieve actions on objectives. After dissecting a full year’s worth of interactive intrusion data, Falcon OverWatch Elite threat hunters identified the most commonly abused LOLBins — and distilled the critical insights that defenders need to know to protect their organizations against the misuse of these binaries. 

Watch this CrowdCast to learn more about:

  • Major trends associated with LOLBin abuse
  • Real-world examples of Rundll32, wmic/WmiPrvSE, and Msiexec abuse taken from actual Falcon OverWatch observed intrusions
  • Tactical and practical threat hunting recommendations to help you uncover this activity in your environment

After watching the CrowdCast, you can find additional LOLBins featured in the new research paper 8 LOLBins Threat Hunters Should Know, which provides in-depth analysis and further insight into this adversarial tradecraft.