Living off the Land: Native Windows Tools for Blue Team Analysis

Video
In this presentation, Christopher I. Rodman (a Cyber Security Engineer in the CERT Division at the Software Engineering Institute) identifies programs and scripts native to Windows-based machines.
Publisher: Software Engineering Institute

Abstract

“Living off the land” is a term penetration testers use to describe relying on tools readily available on a target machine. In this presentation, Christopher I. Rodman (a Cyber Security Engineer in the CERT Division at the Software Engineering Institute) identifies programs and scripts native to Windows-based machines and demonstrates how different methods can be leveraged to collect information for incident response and forensic analysis.