Living off the land: Attackers leverage legitimate tools for malicious ends Living-off-the-land techniques remain popular December 24, 2019 https://www.symantec.com/blogs/threat-intelligence/living-land-legitimate-tools-malicious New research (2019): White Paper: "Living off the Land - Turning Your Infrastructure Against You" (PDF - 1.28 MB): https://www.symantec.com/content/dam/symantec/docs/white-papers/living-off-the-land-turning-your-infrastructure-against-you-en.pdf Previous research (2017): White Paper: "Living off the land and fileless attack techniques - An ISTR Special Report" (PDF - 524 KB): https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-living-off-the-land-and-fileless-attack-techniques-en.pdf
Cool, nice report. It's good to see that most of these attacks can be stopped by simply monitoring process execution. Here is a list of the so called LOLBins that are often used in these attacks: https://lolbas-project.github.io