{"id":4451,"date":"2025-05-24T14:03:26","date_gmt":"2025-05-24T22:03:26","guid":{"rendered":"https:\/\/www.antivirusaz.com\/faq\/?post_type=ht_kb&#038;p=4451"},"modified":"2025-05-24T14:03:26","modified_gmt":"2025-05-24T22:03:26","slug":"what-are-living-off-the-land-binaries-lolbins","status":"publish","type":"ht_kb","link":"https:\/\/www.antivirusaz.com\/faq\/art\/what-are-living-off-the-land-binaries-lolbins\/","title":{"rendered":"What are Living-off-the-Land Binaries (LOLBins)?"},"content":{"rendered":"<p><strong>Living-off-the-Land Binaries (LOLBins)<\/strong> are <em>legitimate system tools<\/em> and executables\u2014already present in operating systems like Windows or Linux\u2014that attackers abuse to carry out malicious actions without using traditional malware. These tools include binaries like <strong>PowerShell<\/strong>, <strong>cmd.exe<\/strong>, <strong>wscript.exe<\/strong>, and <strong>rundll32.exe<\/strong>.<\/p>\n<p>Because LOLBins are signed, trusted, and essential for normal operations, their use doesn\u2019t usually trigger security alerts. Attackers leverage them to <em>download payloads<\/em>, <em>exfiltrate data<\/em>, <em>move laterally<\/em>, or <em>escalate privileges<\/em>, all while staying under the radar.<\/p>\n<p>This technique is part of a broader trend called <strong>Living off the Land (LotL)<\/strong>, where attackers use built-in tools to avoid detection and blend in with normal activity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Living-off-the-Land Binaries (LOLBins) are legitimate system tools and executables\u2014already present in operating systems like Windows or Linux\u2014that attackers abuse to carry out malicious actions without using traditional malware. These tools include binaries like PowerShell, cmd.exe, wscript.exe, and rundll32.exe. Because LOLBins are signed, trusted, and essential for normal operations, their use doesn\u2019t usually trigger security alerts. 
[&hellip;]<\/p>\n","protected":false},"author":1,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"footnotes":""},"ht-kb-category":[12],"ht-kb-tag":[584,582,583],"class_list":["post-4451","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-threats-vulnerabilities","ht_kb_tag-living-off-the-land-binaries","ht_kb_tag-lolbin","ht_kb_tag-lolbins"],"blocksy_meta":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What are Living-off-the-Land Binaries (LOLBins)?<\/title>\n<meta name=\"description\" content=\"LOLBins are legitimate system tools attackers abuse to evade detection. Learn how cybercriminals use them to hide malicious activity in plain sight.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.antivirusaz.com\/faq\/art\/what-are-living-off-the-land-binaries-lolbins\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What are Living-off-the-Land Binaries (LOLBins)?\" \/>\n<meta property=\"og:description\" content=\"LOLBins are legitimate system tools attackers abuse to evade detection. 
Learn how cybercriminals use them to hide malicious activity in plain sight.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.antivirusaz.com\/faq\/art\/what-are-living-off-the-land-binaries-lolbins\/\" \/>\n<meta property=\"og:site_name\" content=\"Antivirus and Security Software FAQs &amp; Blog\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.antivirusaz.com\/faq\/wp-content\/uploads\/2023\/02\/antivirusaz-faq-blog-logo.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1536\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/art\\\/what-are-living-off-the-land-binaries-lolbins\\\/\",\"url\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/art\\\/what-are-living-off-the-land-binaries-lolbins\\\/\",\"name\":\"What are Living-off-the-Land Binaries (LOLBins)?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/#website\"},\"datePublished\":\"2025-05-24T22:03:26+00:00\",\"description\":\"LOLBins are legitimate system tools attackers abuse to evade detection. 
Learn how cybercriminals use them to hide malicious activity in plain sight.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/art\\\/what-are-living-off-the-land-binaries-lolbins\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/art\\\/what-are-living-off-the-land-binaries-lolbins\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/art\\\/what-are-living-off-the-land-binaries-lolbins\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What are Living-off-the-Land Binaries (LOLBins)?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/#website\",\"url\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/\",\"name\":\"Antivirus and Security Software FAQs & Blog\",\"description\":\"Frequently asked questions about antivirus and security software, and other computer security related issues.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/#organization\"},\"alternateName\":\"AntivirusAZ.com FAQs & 
Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/#organization\",\"name\":\"AntiVirusAZ.com\",\"url\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/antivirusaz-faq-blog-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/antivirusaz-faq-blog-logo.png\",\"width\":1536,\"height\":512,\"caption\":\"AntiVirusAZ.com\"},\"image\":{\"@id\":\"https:\\\/\\\/www.antivirusaz.com\\\/faq\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What are Living-off-the-Land Binaries (LOLBins)?","description":"LOLBins are legitimate system tools attackers abuse to evade detection. Learn how cybercriminals use them to hide malicious activity in plain sight.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.antivirusaz.com\/faq\/art\/what-are-living-off-the-land-binaries-lolbins\/","og_locale":"en_US","og_type":"article","og_title":"What are Living-off-the-Land Binaries (LOLBins)?","og_description":"LOLBins are legitimate system tools attackers abuse to evade detection. 
Learn how cybercriminals use them to hide malicious activity in plain sight.","og_url":"https:\/\/www.antivirusaz.com\/faq\/art\/what-are-living-off-the-land-binaries-lolbins\/","og_site_name":"Antivirus and Security Software FAQs &amp; Blog","og_image":[{"width":1536,"height":512,"url":"https:\/\/www.antivirusaz.com\/faq\/wp-content\/uploads\/2023\/02\/antivirusaz-faq-blog-logo.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.antivirusaz.com\/faq\/art\/what-are-living-off-the-land-binaries-lolbins\/","url":"https:\/\/www.antivirusaz.com\/faq\/art\/what-are-living-off-the-land-binaries-lolbins\/","name":"What are Living-off-the-Land Binaries (LOLBins)?","isPartOf":{"@id":"https:\/\/www.antivirusaz.com\/faq\/#website"},"datePublished":"2025-05-24T22:03:26+00:00","description":"LOLBins are legitimate system tools attackers abuse to evade detection. 
Learn how cybercriminals use them to hide malicious activity in plain sight.","breadcrumb":{"@id":"https:\/\/www.antivirusaz.com\/faq\/art\/what-are-living-off-the-land-binaries-lolbins\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.antivirusaz.com\/faq\/art\/what-are-living-off-the-land-binaries-lolbins\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.antivirusaz.com\/faq\/art\/what-are-living-off-the-land-binaries-lolbins\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.antivirusaz.com\/faq\/"},{"@type":"ListItem","position":2,"name":"What are Living-off-the-Land Binaries (LOLBins)?"}]},{"@type":"WebSite","@id":"https:\/\/www.antivirusaz.com\/faq\/#website","url":"https:\/\/www.antivirusaz.com\/faq\/","name":"Antivirus and Security Software FAQs & Blog","description":"Frequently asked questions about antivirus and security software, and other computer security related issues.","publisher":{"@id":"https:\/\/www.antivirusaz.com\/faq\/#organization"},"alternateName":"AntivirusAZ.com FAQs & 
Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.antivirusaz.com\/faq\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.antivirusaz.com\/faq\/#organization","name":"AntiVirusAZ.com","url":"https:\/\/www.antivirusaz.com\/faq\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.antivirusaz.com\/faq\/#\/schema\/logo\/image\/","url":"https:\/\/www.antivirusaz.com\/faq\/wp-content\/uploads\/2023\/02\/antivirusaz-faq-blog-logo.png","contentUrl":"https:\/\/www.antivirusaz.com\/faq\/wp-content\/uploads\/2023\/02\/antivirusaz-faq-blog-logo.png","width":1536,"height":512,"caption":"AntiVirusAZ.com"},"image":{"@id":"https:\/\/www.antivirusaz.com\/faq\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/ht-kb\/4451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/comments?post=4451"}],"version-history":[{"count":1,"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/ht-kb\/4451\/revisions"}],"predecessor-version":[{"id":4452,"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/ht-kb\/4451\/revisions\/4452"}],"wp:attachment":[{"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/media?parent=4451"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/www.antivirusaz.com\/faq\/wp-json\/wp\/v2\/ht-kb-category?post=4451"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/www.antivirusaz.com\/
faq\/wp-json\/wp\/v2\/ht-kb-tag?post=4451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}