Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

View Schedule & Pricing
Get a Quote
Book a Meeting

Popular Searches

CISSP Security+ AWS Azure CCNA CompTIA Cloud Cybersecurity

Quick Links

Global Accelerated Learning • Est. 1999
Glossary Term Living off the Land Binaries (LOLBins)

Training Camp • Cybersecurity Glossary

What is Living off the Land Binaries (LOLBins)?

LOLBins are legitimate signed system binaries (e.g., PowerShell, certutil) that attackers abuse to execute code and evade detection while blending in.

Glossary > Threats, Malware & Attacks > Living off the Land Binaries (LOLBins)

Living off the Land Binaries (LOLBins) Definition: LOLBins are legitimate signed system binaries (e.g., PowerShell, certutil) that attackers abuse to execute code and evade detection while blending in.

Understanding Living off the Land Binaries (LOLBins)

Living off the Land Binaries, or LOLBins, are legitimate, signed system tools and binaries that attackers abuse to carry out malicious actions while blending in with normal activity. Examples include PowerShell, certutil, mshta, rundll32, and wmic on Windows, which can download payloads, execute code, or move laterally without dropping obvious malware. Because these binaries are trusted and pre-installed, LOLBin techniques help adversaries evade allowlisting and signature-based detection.

Learn More About Living off the Land Binaries (LOLBins):

← Live Response Back to All Terms Living Off the Land Binary LOLBin →

Related Cybersecurity Terms

Reconnaissance Phase
External Threat
Cyber Kill Chain
Zero Day Attacks

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →