Many antivirus and application whitelisting solutions are, by default, composed of signature-based detections only, monitoring for known malicious files or tools being executed or loaded onto the disk of an operating system. Knowing this, adversaries and activity groups needed to focus on living-off-the-land tactics and techniques to target ICS/OT environments, as well as enterprise environments when those are used as the pivot point for reaching an ICS/OT environment. "Living off the land" is the term used to describe the use, for nefarious purposes, of typically pre-existing utilities that are known and trusted, have legitimate capabilities, and are present on a victim host and network. Aaron Boyd, a Senior Industrial Penetration Tester with Dragos, will talk about and show an example of one of the living-off-the-land techniques used by Dragos when conducting penetration tests within an ICS/OT environment, along with some strategies customers can use to detect it.