Living Off the Land as a Defender: Detecting Attacks with Flexible Baselines
Attackers often “live off the land” by using tools built into Windows (and other operating systems) to accomplish their goals. These OS-native tools are particularly effective because they offer a range of powerful capabilities, are rarely blocked, and are difficult to monitor. While evidence is...