Question 5 of 10
Living-off-the-land techniques are notoriously difficult to detect because they use legitimate system tools. How would you hunt for malicious use of PowerShell, WMI, or other built-in Windows tools?
Sample answer preview
Living-off-the-land techniques, sometimes referred to as LOLBin attacks, are particularly challenging because the tools being used are legitimate and present on every Windows system. You cannot simply block PowerShell or WMI because administrators rely on them daily.
living-off-the-land, LOLBins, PowerShell hunting, WMI abuse, encoded commands, download cradle