Research field: Safety
Conference: 2023 IEEE 21st Student Conference on Research and Development (SCOReD)
Attackers utilise the evasion method known as “living off the land” to weaponize native, whitelisted operating system binaries. It is frequently used to avoid detection by current anti-virus software because of its lawful purpose as a system utility, which makes it impossible to completely remove it from the system. Attackers conduct stealthy and persistent attacks (APT) using legitimate system binaries and tools (LOLBins). The most crucial step in identifying and addressing the specific security risk is researching the vulnerable devices and systems that pertain to the LOLBins attack. The risk assessment can be done by analysing tactics, techniques and procedures that are being used by the attackers to perform LOLBins attacks by referring to the Common Vulnerabilities and Exposures (CVE) database and the MITRE ATT&CK framework. Additionally, indicators of attack (IOA) are examined to optimise risk assessment in response to LOLBins attacks.
| Publication year | 2023 |
|---|---|
| Citations | 91 |
| Country of publication | Malaysia, Andorra |
| Site | IEEE |
| Likes | 0 |