“Living off the land” is a term well understood by both offensive and defensive teams. For offensive teams, it means using the technologies already present on the system, such as PowerShell, Python, and even Perl for those who like a challenge (or are facing an older Unix system). On the defensive side, enhanced logging and locked-down configurations are put in place to detect and prevent the use of these tools by malicious actors, so that those actors are either caught or stopped before doing harm.
Nathan Kirk (@sekirkity) joins me this week to talk about the concept behind “Bring Your Own Land”.
Some links of interest:
- BYOL Article – https://www.fireeye.com/blog/threat-research/2018/06/bring-your-own-land-novel-red-teaming-technique.html
- SpecterOps – https://specterops.io/
- Ghostpack – https://www.harmj0y.net/blog/redteaming/ghostpack/
- SharpView – https://github.com/tevora-threat/SharpView
- Nathan’s Twitter – https://twitter.com/sekirkity
Want to reach out to the show? There are a few ways to get in touch!
- Purple Squad Security’s Twitter: @PurpleSquadSec
- John’s Twitter: @JohnsNotHere
- Podcast Website: purplesquadsec.com
- Sign-Up for our Slack community: https://signup.purplesquadsec.com
Thanks for listening, and as always, I will talk with you all again next time.