Which term refers to attacks that exploit legitimate software tools?


Multiple Choice

Which term refers to attacks that exploit legitimate software tools?

Explanation:
Living-off-the-Land Techniques involve attackers abusing legitimate, installed software tools on a system to carry out malicious actions. This approach leverages trusted utilities already present (like PowerShell, WMI, certutil, mshta, or reg.exe) to perform tasks such as downloading payloads, executing commands, or moving laterally, all without introducing new, obviously malicious binaries. Because these tools are legitimate and routinely used for admin tasks, their misuse blends in with normal activity, making detection more challenging. Defenders must monitor for unusual or unexpected usage of these tools, such as encoded PowerShell commands, unexpected script activity, or tool processes running in contexts that don’t match the user or workload, and implement protections like strict application allowlists and enhanced EDR visibility.

Fileless Attacks involve living in memory and may be related to LoLT techniques, but the term specifically describing exploiting legitimate tools is the living-off-the-land concept. Decoy Files are fake artifacts used to mislead, and Endpoint Security Trials aren’t a malware technique.
