Security News > 2023 > May > Prevent attackers from using legitimate tools against you
Using commonly available tools allows attackers to evade detection.
While custom-built tools or malware can be flagged as malicious by endpoint products, commercially available tools are often marked as clean or allow-listed by organizations.
The relative ease with which attackers can weaponize organizations' own software lies in the fact that IT and security personnel commonly authorize these tools in standard environments.
There are also legitimate tools used for audit, AD enumeration and password recovery that attackers conveniently use to perform reconnaissance or credential dumping.
Attackers can use legitimate binaries or tools that are part of operating systems to carry out malicious activities.
As time passes, we will no doubt see attackers get increasingly creative with how they abuse legitimate tools, and AI will no doubt play a huge role in helping defenders detect and contain these attacks.