#1712740: Living Off the Land (LOTL) Strategies for Cyber Defense (SS230)

Description: The Cybersecurity and Infrastructure Security Agency (CISA) is proud to offer the Securing Systems laboratory-style training, Living Off the Land (LOTL) Strategies for Cyber Defense (SS230). We are excited to share this information with stakeholders across the Federal enterprise and nationally.

The target audience is Federal Civilian Executive Branch (FCEB) organizations, but the training is also applicable to State, Local, Tribal, and Territorial (SLTT) governments as well as private industry and critical infrastructure organizations that need to learn more about how to identify and mitigate common tactics, techniques, and procedures of cyber actors.

In February 2024, CISA, NSA, and the FBI released cybersecurity advisory #AA24-038A “PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure”, noting that PRC state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the U.S. Identifying and mitigating “Living Off the Land (LOTL)” techniques provides threat detection information and mitigations applicable to this threat.

This training will help participants learn how everyday tools and processes built into operating systems are used by threat actors to gain access to additional resources and data once they have gained a foothold in a network. Participants will learn how to view logs for indicators of compromise (IoCs) specific to Living Off the Land techniques. By referring to CISA materials, students will understand how attackers use trusted software to stay under the radar.

This laboratory-style training will explore the following aspects:

  • Introduction to Living Off the Land: Describe LOTL and the purpose it serves to aid in a cyberattack.
  • Define LOTL attacks: Discuss different attack types and how they are used for persistence and escalation. Share resources and links to tool libraries and show what native tools are used in malicious activities.
  • Discuss and apply hardening techniques: Discuss zero trust and hardening best practices and see how they can be applied to protect against LOTL techniques.
  • Identify malicious activity: Analyze logs to determine if indicators exist.
  • Practice in a realistic environment: Apply remediation and mitigation best practices by using specific tools and enabling logging and monitoring policies.

More info: https://cisa.webex.com/webappng/sites/cisa/meeting/register/f63faedc9d1d4c84b4f36d3c849d4f95

Date added Nov. 20, 2025, 4:57 p.m.
Source Webex
Subjects
  • Living Off the Land Attack
  • PodCasts / Webcast / Webinar / eSummit / Virtual Event etc.
  • US Cybersecurity and Infrastructure Security Agency (CISA) - Previously US-CERT
Venue Dec. 11, 2025, midnight - Dec. 11, 2025, midnight