Draft:Living-off-the-Land attack

Review waiting, please be patient. This may take 3 months or more, since drafts are reviewed in no specific order. There are 1,350 pending submissions waiting for review. If the submission is accepted, then this page will be moved into the article space. If the submission is declined, then the reason will be posted here. In the meantime, you can continue to improve this submission by editing normally. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Reviewer tools Instructions · What links here · Living-off-the-Land attack (talk: + · bio) · (log) · Copyvios report · reFill · Citation Bot · (Search: Google, Wikipedia) · Submitted 44 minutes ago by Faridgurbanov3 (talk: D · +) · Last edited 44 minutes ago by Faridgurbanov3

Submission declined on 18 September 2024 by 1AmNobody24 (talk). This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by 1AmNobody24 2 hours ago. Last edited by Faridgurbanov3 44 minutes ago. Reviewer: Inform author. This draft has been resubmitted and is currently awaiting re-review.

Submission declined on 15 September 2024 by Bonadea (talk). This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources. Still a patchwork of close paraphrasing, more and more awkwardly written. Still no sign of independent notability. Declined by Bonadea 2 days ago.

Submission declined on 14 September 2024 by Bonadea (talk). Wikipedia cannot accept material copied from elsewhere, unless it explicitly and verifiably has been released to the world under a suitably free and compatible copyright license or into the public domain and is written in an acceptable tone—this includes material that you own the copyright to. You should attribute the content of a draft to outside sources, using citations, but copying and pasting or closely paraphrasing sources is not acceptable. The entire draft should be written using your own words and structure. This submission has now been cleaned of the above-noted copyright violation and its history redacted by an administrator to remove the infringement. If re-submitted (and subsequent additions do not reintroduce copyright problems), the content may be assessed on other grounds. Declined by Bonadea 3 days ago.

Submission declined on 9 September 2024 by S0091 (talk). This submission is not suitable for Wikipedia. Please read "What Wikipedia is not" for more information. Declined by S0091 8 days ago.

Submission declined on 9 September 2024 by Utopes (talk). This submission does not appear to be written in the formal tone expected of an encyclopedia article. Entries should be written from a neutral point of view, and should refer to a range of independent, reliable, published sources. Please rewrite your submission in a more encyclopedic format. Please make sure to avoid peacock terms that promote the subject. This submission reads more like an essay than an encyclopedia article. Submissions should summarise information in secondary, reliable sources and not contain opinions or original research. Please write about the topic from a neutral point of view in an encyclopedic manner. Declined by Utopes 9 days ago.

Submission declined on 8 September 2024 by Utopes (talk). This submission does not appear to be written in the formal tone expected of an encyclopedia article. Entries should be written from a neutral point of view, and should refer to a range of independent, reliable, published sources. Please rewrite your submission in a more encyclopedic format. Please make sure to avoid peacock terms that promote the subject. This submission reads more like an essay than an encyclopedia article. Submissions should summarise information in secondary, reliable sources and not contain opinions or original research. Please write about the topic from a neutral point of view in an encyclopedic manner. Declined by Utopes 9 days ago.

Submission declined on 7 September 2024 by Theroadislong (talk). This draft's references do not show that the subject qualifies for a Wikipedia article. In summary, the draft needs multiple published sources that are: in-depth (not just passing mentions about the subject) reliable secondary independent of the subject Make sure you add references that meet these criteria before resubmitting. Learn about mistakes to avoid when addressing this issue. If no additional references exist, the subject is not suitable for Wikipedia. Declined by Theroadislong 10 days ago.

• Comment: A patchwork of minimal paraphrasing from the sources. In addition to the copyvio/plagiarism problem, it also creates some rather awkward wording such as "This in turn makes it quite confusing for the defenders on the network to segregate between an authentic user’s activity and the same user engaging in a malicious activity", cf the source's phrasing "this makes it difficult for network defenders to discern legitimate behavior from malicious behavior [...]" (page 2 in the source) bonadea contributions talk 11:46, 14 September 2024 (UTC)

• Comment: This crosses between WP:NOTHOWTO and WP:NOTESSAY. In addition, most of the sources are not reliable (blogs, WP:FORBESCON, commercial sites, conference proceedings, etc.). If resubmitted without substantial improvement with both the content and sourcing, the draft may be rejected meaning it will not longer be considered. S0091 (talk) 21:56, 9 September 2024 (UTC)

• Comment: Still contains WP:NPOV and tone issues, with some brand new questionable sentences. "By combining these approaches, organizations can strengthen their defense against LOTL attacks and reduce the likelihood of undetected system compromises.", which independent, reliable source asserts this? Utopes _{(talk / cont)} 06:34, 9 September 2024 (UTC)

• Comment: This currently reads like a "PSA announcement" on avoiding "living off the land" attacks, when it should be written like an encyclopedia article and fully described like so. The sourcing is also insufficient, which independent reliable source states that: "These actions taken together enhance the overall capability of the organization to defend and to recover from LOTL threats."? Utopes _{(talk / cont)} 21:25, 8 September 2024 (UTC)

Living-Off-the-Land (LOTL) refers to a fileless malware cyberattack technique whereby the threat actors utilize the available system tools and built-in system features to compromise the networks while remaining undetected ^[1]. Unlike traditional types of cyber assaults with a malware infection, in this case, the attacker does not import external malware into the systems ^[2]. Instead, cybercriminals use the inbuilt utilities and administrative options available making it hard even for the traditional security features to pick them out.

Several legitimate system utilities are commonly employed in LOTL attacks, and these tools, which are integral to operating system functionality or administrative processes, can be misused to execute malicious actions. Some of the most frequently exploited software include ^[1]:

• VB scripts
• PowerShell scripts
• netsh commands
• The task scheduler
• the WMI command line (WMIC)

This article contains instructions, advice, or how-to content. Please help rewrite the content so that it is more encyclopedic or move it to Wikiversity, Wikibooks, or Wikivoyage.

Advanced monitoring techniques, such as behavior analysis and machine learning are used to identify unusual system activity that may indicate an ongoing LOTL attack^[3]

Several strategies for prevention include:

• Implement Process Detection Rules: Apply detection rules to identify suspicious processes such as PowerShell and Command Prompt triggered by Microsoft Office applications.^[2]
• Leverage Advanced Tools: Engage in endpoint monitoring and conduct behavioral analytics to respond to suspicious acts.^[3]
• Use User & Entity Behavioral Analytics: Build or acquire automation (such as machine learning models) to continually review all logs to compare current activities against established behavioral baselines and alert on specified anomalies.^[2]
• Least Privilege Principle: Grant users only the minimum privileges necessary to perform their job duties ^[3].