#1726555: Living Off the Land (LOTL): Strategies for Cyber Defense (SS230) - March 26, 2026

Description: Agenda
The Cybersecurity and Infrastructure Security Agency (CISA) is offering the Securing Systems laboratory-style training, Living Off the Land (LOTL): Strategies for Cyber Defense (SS230). We are excited to share this information with stakeholders across the Federal enterprise and nationally.

The target audience is Federal Civilian Executive Branch (FCEB) organizations, but the training is also applicable to State, Local, Tribal, and Territorial (SLTT) governments, as well as private industry and critical infrastructure organizations that need to learn more about how to identify and mitigate common tactics, techniques, and procedures of cyber actors.

In February 2024, CISA, NSA, and the FBI released cybersecurity advisory #AA24-038A, “PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure,” noting that PRC state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the U.S. Identifying and mitigating LOTL techniques provides threat detection information and mitigations applicable to this threat.

This training will help participants learn how everyday tools and processes built into operating systems are used by threat actors to gain access to additional resources and data once they have gained a foothold in a network. Participants will learn how to view logs for indicators of compromise (IoCs) specific to LOTL techniques. By referring to CISA materials, students will understand how attackers use trusted software to stay under the radar.

This laboratory-style training is structured as three modules that explore the following aspects:

Introduction to Living Off the Land: Describe LOTL and the purpose it serves in a cyberattack.

Define LOTL attacks: Discuss attack types that leverage LOTL techniques to maintain persistence and escalate privileges. Share resources and links to tool libraries and show what native tools are used in malicious activities.

Discuss and apply hardening techniques: Discuss zero trust and hardening best practices and see how they can be applied to protect against LOTL techniques.

Identify malicious activity: Analyze logs to determine if indicators exist.

Practice in a realistic environment: Apply remediation and mitigation best practices by using specific tools and enabling logging and monitoring policies.
More info: https://cisa.webex.com/webappng/sites/cisa/meeting/register/1c4ccb4f03fd4fe38178b0e5ad44ac2c?ticket=4832534b00000006a30023a6c73344e50ad738c6ea0dc983e259ca26e6fd938ce0eb232205cc3f1f&timestamp=1772508987668&RGID=rd7d1307f93ee2267785a1ab16a998818&isAutoPopRegisterForm=false

Date added March 3, 2026, 5:10 a.m.
Source Webex
Subjects
  • Living Off the Land Attack
  • PodCasts / Webcast / Webinar / eSummit / Virtual Event etc.
  • Security Management/Strategic Security/ROI/ROSI - CISO and Higher Level
  • US Cybersecurity and Infrastructure Security Agency (CISA) - Previously US-CERT
Venue March 26, 2026, midnight - March 26, 2026, midnight