Which term describes attacks that use legitimate tools and techniques in an authorized operating environment to perform malicious actions?

Multiple Choice

Which term describes attacks that use legitimate tools and techniques in an authorized operating environment to perform malicious actions?

Explanation:
Living-off-the-land attacks involve attackers using legitimate tools already present in the target environment to carry out malicious actions. Rather than introducing new malware, they leverage built-in utilities and administration tools (such as PowerShell, WMI, and certutil) to perform steps such as credential access, privilege escalation, data collection, or lateral movement. Because these actions appear as normal administrative activity and use trusted software, they can evade traditional detection methods that look for unfamiliar programs or payloads. This is why the approach is effective in an authorized environment.

The other options don’t describe this behavior: exploiting a vulnerability with a separate exploit kit typically requires new malware or code; an Advanced Reporting Tool is not a recognized attack pattern; patch management is a defensive practice focused on applying updates.
