Cybercriminals have long been known for using legitimate tools and utilities for malicious activities. Recently, though, Positive Technologies has observed a substantial increase in the use of “living-off-the-land” tactics. Why? Attackers who use legitimate tools are able to hide their activities in legitimate traffic. “Threat actors increasingly leverage dual-use tools or tools that are already preinstalled on targeted systems to carry out cyberattacks,” said Fortinet. The eight most commonly abused tools are: Cobalt Strike and Metasploit Pro, PowerShell, Windows Sysinternals, VNC, Windows Management Instrumentation (WMI), Mimikatz, TeamViewer, and trusted system executables.