The Backup Wrap-Up

Living Off the Land Attack: Hackers Using Your Own Tools Against You


Listen Later

A living off the land attack is one of the sneakiest techniques in a ransomware operator's playbook — and in this episode, Dr. Mike Saylor breaks down exactly what it is, how it works, and what your organization can actually do about it.

Instead of bringing their own tools into your environment (which might trip your alarms), attackers just use what's already there. PowerShell. WMI. RDP. The same tools your admins run every single day. To your monitoring systems, it looks completely normal. That's the whole point.

Mike and Curtis cover why attackers prefer your tools over their own, how recon can quietly run for 30 to 90 days before the attack goes loud, and what defenders can actually do about it — removing admin privileges, system hardening, golden images, application whitelisting, and free tools like Nmap and Wireshark. There's also a match.com story involving organized crime and a wooden casket on someone's front porch that you really don't want to miss.

0:00 - Intro

1:21 - Welcome and Book Announcement

3:28 - What Is a Living Off the Land Attack?

5:38 - Real-World Example: Conti Ransomware and WMI

8:12 - Why Attackers Use Your Tools Instead of Their Own

13:05 - Admin Privileges: Best Practice vs. Reality

17:31 - The Louvre Heist Analogy

20:08 - Recon Phase: Low and Slow

24:16 - What Defenders Can Do

25:55 - RDP and Remote Access

29:48 - The Recon Timeline: 30-90 Days

30:48 - PowerShell and System Hardening

34:10 - Network Discovery Tools (Nmap and Wireshark)

37:37 - Application Whitelisting and Geo IP Blocking

42:08 - Action Items and Wrap-Up

...more
View all episodesView all episodes
Download on the App Store

The Backup Wrap-UpBy W. Curtis Preston (Mr. Backup)

  • 4.7
  • 4.7
  • 4.7
  • 4.7
  • 4.7

4.7

26 ratings


More shows like The Backup Wrap-Up

View all
The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

289 Listeners

Risky Business by Risky Business Media

Risky Business

375 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

648 Listeners

Tech Talks Daily by Neil C. Hughes

Tech Talks Daily

201 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,030 Listeners

Smashing Security by Graham Cluley

Smashing Security

317 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,051 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

178 Listeners

Hacking Humans by N2K Networks

Hacking Humans

313 Listeners

Random but Memorable by 1Password

Random but Memorable

72 Listeners

AWS Podcast by Amazon Web Services

AWS Podcast

203 Listeners

Cybersecurity Headlines by CISO Series

Cybersecurity Headlines

136 Listeners

Risky Bulletin by Risky Business Media

Risky Bulletin

45 Listeners

Hacker And The Fed by Chris Tarbell & Hector Monsegur

Hacker And The Fed

167 Listeners

The Rest Is Classified by Goalhanger

The Rest Is Classified

1,092 Listeners